Beyond  the  Internet 

The  latest  on  university  and  National  Science  Foundation 
efforts  to  develop  futuristic  research  networks.  PAGE  10. 


Hurricane  heroics 

Carriers  try  to  pull  out  all  the 
stops  to  keep  people  connected. 
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Testing  Cisco 

New  Catalyst  4948-1 OGE  switch 
aces  our  performance  tests. 
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Google  hacking 

What  started  as  a  joke  builds  into  a  movement. 


BY  ROBERT  MCMILLAN, 

IDG  NEWS  SERVICE 

Johnny  Long  says 
he  has  never 
met  a  Google 
employee.  And  yet 
he  is  at  the  center  of 
a  community  of  secu¬ 
rity  experts  and  search 
engine  enthusiasts  that 
might  be  developing  some 
of  the  most  interesting  uses 
of  Google  technology  today 
For  the  past  10  years,  Long  has  made  his  living  as  a  penetra¬ 
tion  tester,  a  “white  hat”  hacker  who  is  asked  to  break  into  com¬ 
puter  systems  to  test  their  security  vulnerabilities. 

See  Google,  page  14 


DAN  VASCONCELLOS 


Microsoft  warms  up 
voice  software  plans 


BY  JOHN  FONTANA,  TIM  GREENE,  PHIL  HOCHMUTH 

Microsoft  is  executing  a  broad  plan  to  provide  cus¬ 
tomers  with  software  interfaces  to  traditional  voice 
and  VoIP  services  that  will  let  them  make  and  man¬ 
age  calls  from  desktops,  mobile  devices  or  Web- 
based  services. 

More  pieces  of  the  company’s  strategy  fell  into 
place  last  week  when  Microsoft  acquired  VoIP  soft¬ 
ware  and  services  vendor  Teleo  to  upgrade  voice  ser¬ 
vices  on  MSN.  Also,  an  expansion  of  its  partnership 
with  Nortel  gives  Microsoft  another  vendor  to  help 
integrate  traditional  phone  service  with  its  real-time 
communications  platform,  specifically  its  Office 
Communicator  2005  client  and  corresponding 
Office  Live  Communications  Server  2005. 

“What  they  want  to  do  ultimately  is  own  the  inter¬ 


face,”  says  Irwin  Lazar,  an  analyst  with  Burton  Group. 
“They  want  to  provide  that  client  on  the  desktop,  the 
mobile  phone,  the  softphone  regardless  of  the  back¬ 
end  [voice]  system.” 

Microsoft  also  is  positioning  its  infrastructure  soft¬ 
ware  to  support  voice.  For  example,  it  will  use  Active 
Directory  as  the  repository  for  identity  and  attribute 
information,  including  phone  numbers,  and  a  future 
version  of  Exchange  as  a  unified  message  store  for 
voice  mail. 

In  addition,  a  mobile  version  of  Office  Communi¬ 
cator,  expected  in  beta  in  the  coming  months,  will 
extend  the  client’s  VoIP  and  call-control  features  to 
mobile  devices. 

Lazar  says  it  appears  Microsoft  is  less  concerned 

See  Microsoft,  page  16 


Carmakers  unite  on 
global  data  sharing 


BY  ELLEN  MESSMER 

DETROIT  —  The  promise  of  the 
giant  Chinese  auto  market  has 
spurred  carmakers  worldwide  to 
rally  around  a  new  standard  for 
data  exchange  that  they  say  is 
needed  to  exploit  the  opportunity. 

Announced  at  last  week’s  Auto- 


Tech  Conference  in  Detroit  by 
European,  Japanese  and  U.S.  stan¬ 
dards  bodies,  the  Joint  Auto¬ 
motive  Data  Model  (JADM)  is 
designed  to  provide  a  common 
way  for  manufacturers  and  sup¬ 
pliers  to  swap  XML-formatted 
See  Auto-Tech,  page  49 


SuDermarket  chain 


Lance  Fischer,  network 
systems  manager  for  Balls 
Food  Stores,  clamps  down 
on  unauthorized  Web 
surfing  via  aggressive 
policy  enforcement  and 
filtering  technology. 


Vendors  prep 
mgmt  tools 
to  handle 
virtualization 

BY  JENNIFER  MEARS  AND 
DENISE  DUBIE 

Computer  Associates  and  BMC 
Software  will  soon  join  IBM  in  up¬ 
grading  their  management  pack¬ 
ages  to  help  customers  get  a  han¬ 
dle  on  their  growing  virtualized 
environments,  making  it  easier  to 
shift  server  workloads  to  meet 
business  demands. 

At  its  user  conference  in  No¬ 
vember,  CA  is  expected  to  detail  a 
tighter  partnership  with  server  vir¬ 
tualization  specialist  VMware  to 
let  users  shift  workloads  across 
VMware  virtual  servers.  BMC  is 
See  Virtualization,  page  12 
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Mr.  50,000  Global 
Remote  and  Mobile 
Users  Connected 
Without  a  VPN. 


NISSAN 


"At  Nissan,  we  expect  to  save  at  least  $135  million  annually 
thanks  to  the  efficiencies  that  Windows  Server  2003  and 
Exchange  Server  2003  are  helping  us  achieve." 

Toshihiko  Suda 

Senior  Manager,  Nissan  Motor  Company,  Ltd. 


Make  a  name  for  yourself  with  Windows  Server  System. 

An  upgrade  to  Microsoft  Windows  Server  System 
made  it  possible  for  50,000  worldwide  employees 
at  Nissan  Motor  Company  to  have  more  secure 
remote  access  to  their  e-mail  and  calendars 
from  any  Internet  connection,  without  the  hassle 
and  expense  of  a  VPN.  Here's  how:  By  deploying 
Windows  Server  2003  and  Exchange  2003,  not  only 
did  Nissan  IT  meet  the  CEO's  demand  for  better  global 
collaboration,  they  expect  to  save  at  least  $135  million 
by  streamlining  their  messaging  infrastructure. 
To  get  the  full  Nissan  story  or  find  a  Microsoft 
Certified  Partner,  go  to  microsoft.com/wssystem 
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Windows 
Server  System 


Windows  Server  System™  includes: 


Server  Platform  Windows  Server” 


Virtualization 

Virtual  Server 

Data  Management  &  Analysis 

SQL  Server” 

Communications 

Exchange  Server 

Portals  &  Collaboration 

Office  SharePoinr  Portal  Server 

Integration 

BizTalk*  Server 

Management 

Systems  Management  Server 

Microsoft'  Operations  Manager 

Security 

Internet  Security  &  Acceleration  Server 

Plus  other  software  products 


XEON 


See  how  HP  Services  and  HP  Consolidation  Solutions  can  help  you  by  downloading 
IT  Consolidation  on  the  HP  BladeSystem  at  hp.com/info/blades 
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Podcast:  LEGO  as  a  hobby 

Allan  Bedford,  a  software  analyst  from 
the  Ontario,  Canada,  has  turned  his 
hobby  of  building  models  with  LEGOs 
into  a  book,  The  Unofficial  LEGO 
Builder's  Guide.  Learn  how  he  goes 
about  creating  his  models,  and  how 
anyone  young  or  old  can  get  started 
with  LEGOs, 

DocFinder  8729 

2005  Salary  Calculator 

Are  you  making  what  you're  worth? 
Register  free  and  find  out  how  your 
compensation  compares  to  that  of  your 
peers.  DocFinder:  8121 

Forum:  Open  Wi-Fi  and  the  law 

We  all  know  about  Wi-Fi  thieves,  but 
what  about  those  home  owners  who 
refuse  to  lock  down  their  wireless 
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thoughts.  DocFinder  8730 

Hurricane  Katrina,  an  FT  perspective 

What’s  the  first  thing  Ken  Fasimpaur 
thought  when  he  saw  Katrina's  devas¬ 
tation  on  TV?:  "I  hope  that  those  peo¬ 
ple  have  backups,"  Here  he  reflects  on 
the  intersection  of  humanity  and  IT 
when  disaster  strikes. 
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Massachusetts  mulls  move  to  open  source  documents 

■  State  offices  in  Massachusetts  could  soon  be  rid  of  proprietary  digital  docu¬ 
ments,  if  a  recent  proposal  to  move  to  open  source  document  formats  is 
approved.The  proposal,  drafted  by  the  Information  Technology  Division  of  the 
commonwealth  of  Massachusetts,  would  have  all  documents  in  offices  run 
by  the  state  moved  from  Microsoft  Office,  IBM  Lotus  Notes,  WordPerfect 
and  other  proprietary  formats  by  2007.The  proposal  calls  for  documents 
to  be  moved  to  the  OpenDocument  file  format  standard,  an  open  source,  XML- 
based  file  format.  State  officials  say  part  of  the  idea  is  to  preserve  state  docu¬ 
ments  in  a  format  that  can  be  read  in  the  future.  Another  goal  is  to  make  state  doc¬ 
uments  available  to  a  wider  range  of  users.  Peter  Quinn,  CIO  for  Massachusetts, 


TheGoodTheBadTheUgly 

<  A  Safe  Call.  Using  a  mobile  phone  for  10  years  does 
not  significantly  increase  the  risk  of  developing  a  tumor, 
according  to  a  new  study  from  the  U.K.'s  Institute  of 
Cancer  Research.  The  investigation  was  the  biggest  to 
date  that  has  studied  the  relationship  between 
mobile  phones  and  a  type  of  tumor  that 
occurs  close  to  the  ear  called  an  acoustic 
neuroma,  according  to  the  study's  authors. 

Who  needs  desktop  Linux?  a 

report  by  analyst  firm  Gartner  says  that  despite 
recent  hype  around  open  source  desktop  software, 
technologies  such  as  Linux  and  0pen0ffice.org  are 
jim  pa'ilot  not  p0sing  challenges  to  Microsoft  in  enterprise 
desktop  computing.  One  obstacle  for  open  source  is  uncertainty  about 
which  desktop  environment  —  KDE  or  GNOME  —  will  emerge  as  the 
standard  for  Linux  desktop  computing. 


says  the  state  has  not  committed  to  any  office  software,  whether  the  open  source 
OpenOffice  platform,  Microsoft  Office  or  other  applications. 


Tragedy  brings  cyberscammers 

■  The  disaster  in  Louisiana  and  Mississippi  has 
brought  out  another  scourge:  scammers  setting 
up  faux  Web  sites  and  sending  phony  e-mails  try¬ 
ing  to  collect  money  from  people  looking  to  help 
victims.  The  FBI  said  it  was  investigating  reports 
of  grifters  using  e-mail  and  Web  sites  to  imperson¬ 
ate  legitimate  fundraising  and  relief  organiza¬ 
tions.  Unfortunately  this  scurrilous  activity  isn’t 
new.  According  to  a  Washington  Post  report,  after 
last  year’s  tsunami  in  South  Asia,  a  survey  by 
MasterCard  International  and  security  firm 
NameProtect  found  more  than  170  tsunami-relat¬ 
ed  scam  sites  being  used  to  siphon  donations  to 
relief  efforts.  Fraud  watchers  say  Americans  who 
want  to  make  contributions  should  stick  to  Web 
sites  of  established  national  charities.  The  Web 
site  for  the  Federal  Emergency  Management 
Agency  (www.networkworld.com,  DocFinder: 
8750)  also  lists  a  number  of  Web  sites  where  peo¬ 
ple  can  securely  send  donations  to  legitimate 
charities,  as  does  www.give.org.,  part  of  the  chari¬ 
ty-monitoring  service  of  the  Better  Business 
Bureau. 


COMPENDIUM  ^ 

The  Web  command  line 

Yubnub  is  an  effort  to  bring  the  command 
line  to  the  Web  —  via  a  search  engine  that 
lets  you  and  other  users  create  and  use 
macros  as  shortcuts  to  Web  resources.  No 
more  navigating  to  Google  Maps  for  a  map 
of  Vancouver;  just  type  “gmap  Vancouver.". 
See  it  in  action  at  www.networkworld. 
com,  DocFinder:  8742. 
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“I  hope  that  those  people  have 
backups,  I  thought  immediately.” 

Ken  Fasimpaur,  an  IT  coordinator  with  a  midsize  company,  com¬ 
menting  on  news  pictures  of  Hurricane  Katrina's  damage  in  his 
IT  Borderlands  blog. 

See  blog  at  www.networkwoHd.com,  DocFinder:  8743. 

Intel  fires  back  at  AMD 

■  Intel  last  week  filed  its  formal  response  to  an  anti¬ 
trust  complaint  lodged  by  Advanced  Micro  Devices, 
denying  it  violated  any  laws  and  accusing  AMD  of 
trying  to  shield  itself  from  competition.  In  late  June, 
AMD  charged  Intel  was  illegally  using  its  position  as 
a  dominant  supplier  in  the  processor  industry  to  ex¬ 
clude  AMD  from  PCs  and  servers  sold  by  companies 
such  as  Dell  and  HPIntel  had  previously  denied  the 
charges  but  filed  its  formal  response  to  AMD’s  com¬ 
plaint  with  the  U.S.  District  Court  for  the  District  of 
Delaware  last  week.  In  its  63-page  answer,  Intel  laid 
out  its  legal  strategy  for  a  case  that  is  expected  to 
drag  on  for  months,  or  even  years.The  world’s  largest 
chipmaker  intends  to  argue  that  AMD’s  business 
decisions,  not  Intel’s  conduct,  are  responsible  for  its 
market  share  in  the  processor  industry  According  to 
data  from  Mercury  Research,  Intel  ships  a  little  more 
than  80%  of  all  desktop,  notebook  and  server 
processors  with  the  x86  instruction  set,  while  AMD 
ships  around  17%  of  those  chips. 

The  Donald  on  offshoring 

■  No  one  was  sure  who  asked  but  Donald  Trump 
decided  to  spout  off  about  the  topic  of  offshoring  on 
his  blog  last  week.  He  said:“I  understand  that  out- 


Publicity  hounds.  We  didn't  have  to  wait  long  after 
Hurricane  Katrina  struck  for  press  releases  to  come  streaming  in 
about  how  heroic  technology  vendors  were  saving  the  day  for  their 
clients.  One  company  hard  up  for  attention  even  featured  a  headline  on 
its  press  release  about  how  its  client  was  able  to  handle  a  “flood  of 
patients."  (The  vendor  shall  remain  nameless  here,  to  avoid  giving  it 
any  publicity.) 


sourcing  means  that  employees  lose  jobs.  Because 
work  is  often  outsourced  to  other  countries,  it  means 
Americans  lose  jobs.  In  other  cases,  nonunion 
employees  get  the  work.  Losing  jobs  is  never  a  good 
thing,  but  we  have  to  look  at  the  bigger  picture.” 
Trump  went  on  to  say“I  know  that  doesn’t  make  it 
any  easier  for  people  whose  jobs  have  been  out¬ 
sourced  overseas,  but  if  a  company’s  only  means  of 
survival  is  by  farming  jobs  outside  its  walls,  then 
sometimes  it’s  a  necessary  step.”The  missive  found 
support  in  the  pro-outsourcing  world  but  others  said 
Trump  should  stick  to  his“Apprentice”TV  show. 

Contract  heaven 

■  The  20  largest  U.S.  government  IT  contracts  likely 
to  be  awarded  in  fiscal  year  2006  total  $250  billion, 
and  vendors  still  have  time  to  bid  on  many  of  those 
jobs,  according  to  Input,  a  Virginia  firm  that  assists 
private  companies  with  federal  contracts.  The  $250 
billion  compares  with  $184.9  billion  in  U.S.  govern¬ 
ment  IT  contracts  awarded  in  fiscal  year  2004.  Fiscal 
year  2006,  which  starts  Oct.  1,  might  represent  the 
best  year  ever  for  small  IT  vendors  looking  to  do 
business  with  the  U.S.  government.  Among  IT  con¬ 
tracts  scheduled  to  be  awarded  is  a  government¬ 
wide  contract  as  part  of  the  Alliant  project  adminis¬ 
tered  by  the  U.S.  General  Services  Administration, 
worth  up  to  an  estimated  $50  billion  over  10  years, 
for  a  range  of  IT  services,  such  as  biometrics,  com¬ 
munications  and  security  Input  estimates  that  the 
agency  will  issue  a  request  for  proposals  for  the 
Alliant  project  contract  before  the  end  of  the  2005 
fiscal  year. 


Juniper  N 


t 


»  Remote  sites  running  sluggishly?  Juniper  Networks’  application  acceleration  solutions  dramatically  improve 
performance  of  your  company’s  web  site  and  networked  apps.  So  everyone  -  internal  and  external  -  enjoys 
a  dramatically  better  network  experience.  What’s  more,  you’ll  simultaneously  reduce  network  and  infrastructure 
costs  while  improving  productivity.  Visit  www.juniper.net/freetrial  for  your  free  trial  and  customized  Network 
Health  Report.  Then  quick!  Juniper  your  net. 
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Katrina  tests  net  service  providers 

Landline  and  wireless  facilities  are  hit  hard. 


A P PHOTO 


Colorado's  Lt.  Gov.  Jane  Norton  listens  in  on  a  phone  call  from  a  victim  of 
Hurricane  Katrina  at  the  American  Red  Cross  phone  center  in  Denver,  on 
Tuesday,  Aug.  30.  The  phone  center  activated  during  disasters  is  helping  to 
handle  thousands  of  calls  from  victims  of  Katrina. 


BY  TIM  GREENE 

While  most  telecom  facilities  in 
the  hardest-hit  Gulf  areas  were 
wiped  out  during  and  after 
Hurricane  Katrina,  it  wasn’t  for 
lack  of  some  extraordinary  efforts 
by  skeleton  carrier  crews  who 
remained  behind  to  keep  equip¬ 
ment  online  as  windows  shat¬ 
tered  around  them  and  New 
Orleans  was  evacuated. 


Myles  Falvelle,  spokesman,  TelCove 

TelCove,  a  competitive  local 
exchange  carrier  (CLEC)  in  the 
eastern  U.S.,  managed  to  keep  its 
New  Orleans  switching  office  run¬ 
ning  but  had  no  way  of  telling 
whether  services  were  being 
delivered.  “We’re  not  sure  what’s 
out,”  said  Myles  Falvelle,  a 
spokesman  for  the  provider. 
“There’s  no  people  out  there  to 
say  if  service  is  up  or  not  in  a  par¬ 
ticular  building.” 

As  U.S.  Army  troops  entered 
New  Orleans  Thursday  the  FCC 


sought  help  from  CLECs  to  inven¬ 
tory  what  services  they  had  run¬ 
ning  and  what  their  needs  were 
for  fuel  to  run  generators.  The 
goal  was  to  provide  critical  ser¬ 
vices  necessary  for  recovery  per¬ 
sonnel,  Falvelle  said. 

Phone  companies  already  were 
granted  extraordinary  authority 
to  port  numbers  to  out-of-state 
locations  —  something  that  is 


normally  time  consuming,  if 
allowed  at  all.  For  instance,  CLEC 
provider  U.S.LEC  ported  the  num¬ 
bers  of  New  Orleans  Hilton 
Hotels  to  Hilton  facilities  outside 
the  storm  zone,  so  when  people 
called  to  check  on  guests,  some¬ 
one  was  there  to  answer  the 
phone,  said  Aaron  Cowell,  CEO  of 
U.S.  LEC. 

With  communications  out  in 
the  most-heavily  damaged  areas, 
people  were  unable  to  find  out 
how  loved  ones  fared.  Jerald 


Sheets,  senior  Unix  systems 
administrator  for  The  Weather 
Channel  Interactive  in  Atlanta, 
who  formerly  worked  as  a  Unix 
administrator  for  a  nonprofit  hos¬ 
pital  in  Baton  Rouge,  La., said, “We 
still  can’t  find  some  family  mem¬ 
bers.” 

For  most  of  the  week  telco 
crews  assigned  to  repairs  in 
Mississippi  and  New  Orleans 
could  not  get  in  because  roads 
were  inaccessible  and  it  was  still 
too  dangerous  to  dispatch  work¬ 
ers,  said  BellSouth  spokesman 
Joe  Chandler. 

BellSouth  would  not  say  how 
many  central  offices  were 
knocked  out  but  said  1.4  million 
lines  in  Louisiana,  Mississippi  and 
Alabama  were  affected  by  the 
storm.  This  includes  lines  served 
by  central  offices  that  resorted  to 
back-up  generators  for  power  but 
whose  fuel  would  soon  run  out. 

In  areas  where  people  were 
evacuated  and  the  roads  wiped 
out,  the  company  still  doesn’t 
know  exactly  what  caused  some 
of  the  central  offices  to  drop 
offline.  “The  picture  is  still  real 
sketchy  for  us”  Chandler  said. 
“We’re  trying  to  gain  access  to 
parts  of  the  network.” 


Landline  outages  also  shut 
down  cellular  networks,  cutting 
off  the  T-ls  that  link  cell  towers 
to  the  wired  network,  said 
Patrick  Kimball,  a  spokesman  for 
Verizon  Wireless.  Some  cell  facil¬ 
ities  with  back-up  generators 
kept  working,  enabling  some 
people  to  call  out. 

Cellular  operators  know  which 
cell  transmitter/receivers  get  the 
most  use  so  can  target  them  for 


first  repair,  said  Ritch  Blasi,  a 
spokesman  for  Cingular  Wireless. 
The  company  had  cells  on 
wheels  and  on  light  trucks  ready 
to  roll  in  as  soon  as  it  had  clear¬ 
ance,  he  said. 

Crews  at  Internet  domain  regis¬ 
trar  DirectNIC  weathered  the 
storm  at  the  company’s  French 
Quarter  office.  One  member  post¬ 
ed  a  blog  about  the  experience, 
describing  the  storm,  damage, 
looting  and  mayhem  as  reported 
to  him  via  police  stationed  in  the 
building  (see  www.network 
world.com,  DocFinder:  8745). 

In  Metairie,  La.,  which  is  adja¬ 
cent  to  New  Orleans,  U.S.  LEC 
posted  a  two-man  crew  to  keep 
its  switches  up  and  running.  The 
two  lived  in  New  Orleans  and 
worked  for  days  without  know¬ 
ing  the  fate  of  their  homes, 
Cowell  said. 

They  kept  the  node  running 
through  Wednesday,  when  they 
ran  out  of  fuel  and  had  to  power 
down  the  Lucent  voice  and  data 
switches.  Police  stationed  in  the 
building  pulled  out  Tuesday,  mak¬ 
ing  it  less  safe  to  stay  Cowell  said. 

Network  World  Senior  Editor 
Denise  Dubie  contributed  to  this 
story. 


Siemens  expands  HiPath  features 


BY  STEPHEN  LAWSON,  IDG  NEWS  SERVICE 

Siemens  last  week  announced  it  will 
update  its  HiPath  Xpressions  message  plat¬ 
form  to  make  it  easier  for  customers  to  use 
on  the  go  and  with  non-Siemens  corporate 
phone  systems. 

Among  other  things,  HiPath  Xpressions  4.0 
adds  voice  commands  and  shortcuts  for  man¬ 
aging  and  retrieving  messages,  as  well  support 
for  Session  Initiation  Protocol  (SIP), according 
to  Ralph  Riley  U.S.  group  manager  for  product 
marketing  at  Siemens. 

The  platform,  which  runs  on  standard  server 
hardware  in  corporations,  lets  users  access 
voice  mail,  e-mail  and  faxes  via  a  PC  or  a 
phone.Through  its  text-to-speech  feature,  users 
can  have  e-mail  messages  and  faxes  read  to 
them  along  with  voice  mail  on  any  phone. 
They  can  also  respond  to  e-mail  from  a  phone 
by  recording  a  voice  clip  and  attaching  it  to 
the  reply  message,  Riley  says. 

By  adding  speech  recognition  to  the  soft¬ 
ware,  Siemens  is  introducing  “hands-free”  mes¬ 
sage  playback  and  other  functions,  he  says. 


Users  also  can  update  a  calendar  entry  accept 
a  calendar  request,  manage  contact  lists  and 
forward  messages  through  voice  commands. 

Another  new  feature,  Trusted  Number 
Access,  lets  users  bypass  the  usual  authentica¬ 
tion  process  when  they  dial  in  to  the  HiPath 
Xpressions  server  from  a  frequently  used  num¬ 
ber  such  as  a  cell  phone,  Riley  says.  A  call  will 
go  directly  to  the  server’s  menu.  Navigating  the 
menu  also  will  be  easier  with  abbreviated 
prompts  for  experienced  users  and  program¬ 
mable  shortcuts  that  users  can  set  up  through 
a  Web  interface. 

Siemens  also  expanded  multi-vendor  sup¬ 
port.  HiPath  Xpressions  4.0  works  with  14  dif¬ 
ferent  PBX  platforms,  so  employees  connect¬ 
ed  to  any  of  those  PBXs  can  access  and  man¬ 
age  voice  mail  through  Xpressions  along  with 
their  e-mail,  Riley  says. 

In  addition,  the  company  has  made  HiPath 
Xpressions  compatible  with  SIP  Because  this 
standard  signaling  system  is  widely  used  in  IP 
telephony  and  messaging  systems,  Xpressions 
will  work  easily  with  many  SIP-based  plat¬ 


forms  and  applications,  Riley  says.  Without 
SIP  support,  interoperability  needs  to  be  set 
up  for  one  product  at  a  time,  he  says. 

Siemens  added  support  for  third-party 
voice  mail  systems,  which  is  a  major 
enhancement  to  the  platform,  says  Robert 
Arnold,  an  analyst  at  Current  Analysis.  Some 
companies  have  several  different  phone  and 
voice  mail  systems  in  different  divisions  or 
locations,  sometimes  because  they  have 
acquired  other  companies.  Making  all  those 
systems  work  with  HiPath  Xpressions  could 
make  life  easier,  he  says. 

For  one  thing,  if  administrators  can  manage 
all  the  systems  under  HiPath  Xpressions,  it 
will  be  easier  to  set  up  consistent  policies  for 
how  and  when  different  employees  can  use 
certain  services,  Arnold  says.  In  addition,  the 
programmable  shortcut  feature  will  let 
administrators  set  up  for  each  division  or 
office  key  combinations  that  duplicate  the 
ones  they  use  on  the  legacy  voice  mail  sys¬ 
tem,  he  says. 

HiPhth  Xpressions  4.0  starts  at  $80  per  seat.B 


“We’re  not  sure  what’s  out. There’s  no 
people  out  there  to  say  if  service  is  up 
or  not  in  a  particular  building.” 


Obviously,  great 
minds  think  alike. 


73%  of  the  FORTUNE  100®  and  76% 
of  the  European  100  compared  business 
collaboration  providers  and  came  to 
a  single  conclusion. 
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Fiberoptic  research  net  gains  steam 

National  Lambdarail  is  branching  out  across  the  country  and  gaining  commercial  interest. 


The  research  rail 


National  Lambdarail, 
designed  to  give  re¬ 
search  groups  access 
to  a  powerful  network 
for  experimentation,  is 
in  its  second  build-out 
phase. 

•  Phase  1 

•  Phase  2 

DWDM  fiber  route 
- 0C-192  SONET 


Note:  Phase  II  was  scheduled  for  completion  in  November. 

SOURCE:  NATIONAL  LAMBDARAIL 


BY  CARA  GARRETSON 

Despite  a  setback  caused  by 
Hurricane  Katrina,  National  Lamb¬ 
darail,  a  nationwide  fiber-optic 
network  designed  to  facilitate 
advanced  network  technology 
research,  is  gaining  support. 

While  NLR  is  firmly  planted  in 
the  research  community  the  re¬ 
sults  of  experimentation  and  re¬ 
search  done  over  the  network  are 
likely  to  find  a  way  into  the  com¬ 
mercial  arena,  participants  say, 
particularly  in  areas  of  next-gener¬ 
ation  protocols,  network  manage¬ 
ment  tools,  provisioning  capabili¬ 
ties  and  security  techniques  — 
possibly  in  as  little  as  18  to  24 
months,  participants  say 

Having  finished  the  network’s 
first  build-out  phase  that  connect¬ 
ed  points  from  east  to  west  across 
the  country  last  August,  NLR’s  sec¬ 
ond  phase  connects  southern 
points  on  the  map  and  had  been 
slated  for  completion  in  Novem¬ 
ber  (see  graphic). 

However,  Hurricane  Katrina 
thwarted  some  of  this  progress,  as 
a  number  of  points  of  presence 
along  the  Gulf  Coast  are  currently 
submerged,  says  NLR  spokesman 
Greg  Wood.  The  group  plans  to 


provide  an  update  of  phase  two’s 
progress  this  week,  Wood  says. 

The  first  of  it’s  kind,  NLR’s  infra¬ 
structure  uses  dense  wavelength 
division  multiplexing  technology 
to  offer  up  to  40  simultaneous 
light  wavelengths  (or  lambdas), 
each  capable  of  transmitting  at 
speeds  of  10G  bit/sec.  Other 
research-oriented  networks  don’t 
offer  such  dedicated  capacity:  In- 
ternet2,  for  example,  connects 
more  than  200  U.S.  universities 
with  one  lOG-bit/sec  link  each. 
Currently  there  are  six  research 
projects  underway  that  take 
advantage  of  NLR. 

Cisco  is  providing  the  multiplex¬ 
ers,  switches  and  routers  for  NLR, 
and  Level  3  Communications  is 
supplying  the  fiber.  Sun  in  July 
announced  it  is  working  with  NLR 
to  connect  its  Sun  Grid  —  an  In¬ 
ternet-based  utility  service  —  to 
the  network. 

User  involvement 

But  that’s  about  the  extent  of 
vendor  involvement  in  NLR.  The 
network  was  designed  by  and  for 
the  research  community  says  Tom 
West,  NLR’s  executive  director,  so 
the  infrastructure  is  not  managed 


by  a  vendor,  but  by  users.“The  pri¬ 
mary  benefit  is  this  dedicated 
capability  that  is  [the  user’s]  own 
to  control  and  manage,”West  says. 
NLR  set  a  mandate  that  more  than 
50%  of  its  capacity  be  dedicated 
to  network  technology  research. 

Users  pay  for  a  fixed  amount  of 
usage  over  a  period  of  time,  say 
three  or  five  years,  and  get  full  use 
of  one  of  the  40  dedicated  wave¬ 
lengths.  That  means  researchers 
can  experiment  with  new  tech¬ 
nologies  without  affecting  or 


being  affected  by  others.“It’s  like  a 
highway  system;  I  have  my  own 
lane,  and  no  one  else  can  get  in,” 
West  says. 

The  Pittsburgh  Supercomputing 
Center,  jointly  formed  by  Carnegie 
Mellon  University  and  the  Univer¬ 
sity  of  Pittsburgh,  was  the  first  re¬ 
search  organization  to  use  NLR  as 
part  of  its  TeraGrid  distributed 
architecture  for  scientific  re¬ 
search.  It  is  looking  to  take  advan¬ 
tage  of  some  new  NLR  features 
such  as  Layer  3  services,  says 
Gwendolyn  Huntoon,  director  of 
networking.  For  advanced  IP  re¬ 
search, the  power  and  flexibility  of 
NLR’s  network  is  key  she  says. 

“We  have  some  well-known 
TCP/IP  research,  and  we’re  look¬ 
ing  at  some  additional  services 
[from  NLR]  that  will  give  us  the 
opportunity  to  investigate  revi¬ 
sions  to  protocols  in  the  existing 
stack  that  might  be  disruptive  if 
done  over  a  commercial  infra¬ 
structure,”  Huntoon  says.“Certainly 
AT&T  or  Global  Crossing  doesn’t 
want  us  experimenting  on  their 
network.” 

Other  considerations 

Cost  also  has  been  a  reason  to 
use  NLR  instead  of  some  com¬ 
mercial  services,  Huntoon  says, 
because  the  research  network  is 
competitively  priced  but  more 
flexible  with  contracts  than  ven¬ 
dors  tend  to  be. 

And  because  NLR  is  devel¬ 
oped  for  research  institutions, 
the  network  covers  key  points 
on  the  map  that  commercial 
services  might  not,  she  adds. 

Mid-Atlantic  Crossroads  (MAX), 


a  multi-state  consortium  of  37  par¬ 
ticipants  that  provides  internet¬ 
works  for  advanced  research  and 
education  centered  around  Wash¬ 
ington,  D.C.,  plans  to  join  forces 
with  a  similar  group  in  Virginia 
and  become  an  NLR  member  by 
early  next  year,  according  to  Tony 
Conto,  MAX  executive  director. 

The  group  has  been  using  In- 
ternet2  services  for  research  and 
education,  as  well  as  experimen¬ 
tation,  but  is  looking  forward  to 
NLR’s  dedicated  wavelengths  for 
some  advanced  projects. 

“With  Internet2  it  was  originally 
instantiated  as  a  broadcast  net¬ 
work, so  you  really  couldn’t  parcel 
out  a  lambda  to  let  you  do  this 
experimental  work  —  you  were 
afraid  of  breaking  the  network,” 
Conto  says.  MAX  plans  to  use  ser¬ 
vices  from  both  networks  going 
forward,  he  says. 

MAX  members,  which  include 
universities,  federal  laboratories 
and  agencies,  and  non-profits,  will 
use  NLR  for  more  than  advanced 
network  research,  Conto  adds, 
offering  examples  such  as  tele¬ 
medicine  applications  and 
physics  experiments  that  will  tra¬ 
verse  the  network.  ■ 


Correction 


■  The  story  "Cisco  preparing 
management  play"  (Aug.  22,  page 
1)  should  have  stated  that  the 
Argonne  National  Laboratory  is 
currently  operated  by  University  of 
Chicago,  located  outside  of 
Chicago. 


Proposing  a  next-generation  Internet 


The  National  Science  Foundation  has  pro¬ 
posed  a  next-generation  Internet  with  built- 
in  security  and  functionality  that  connects 
all  kinds  of  devices,  with  researchers  challenging 
the  government  agency  to  look  at  the  Internet  as 
a  “clean  slate.” 

The  NSF's  Global  Environment  for  Networking 
Investigations  (GENI)  Initiative  would  include  a 
research  grant  program  and  an  experimental 
facility  to  test  new  Internet  technologies,  but  the 
project  is  not  yet  funded,  says  NSF  spokesman 
Randy  Vines.  “It’s  an  idea  under  consideration,” 
he  says. 

Researchers  need  to  start  thinking  beyond  the 
current  Internet  and  consider  radical  new  ideas 
for  continuing  challenges  such  as  Internet  securi¬ 
ty  and  ease  of  use,  says  David  Clark,  a  senior 
research  scientist  in  the  Computer  Science  and 
Artificial  Intelligence  Laboratory  at  the 
Massachusetts  Institute  of  Technology. “I'm  not  at 
all  picking  on  the  Internet  —  the  Internet  does 
what  it  does  well,”  says  Clark,  who  has  received 
an  NSF  grant  to  advise  the  agency  on  the  GENI 


project.  “But  there  are  some  things  where  you 
say,  'that  doesn’t  work  right.’  “ 

As  Clark  envisions  it,  the  GENI  project  would 
go  beyond  current  efforts  to  incrementally 
improve  the  Internet.  The  U.S.  Department  of 
Defense  has  been  pushing  for  adoption  of  IPv6 
to  replace  the  widely  used  IPv4,  but  the  GENI 
project  would  go  years  beyond  the  current 
vision  for  IPv6,  says  Clark,  a  longtime  internet 
security  researcher  who  served  as  chief  proto¬ 
col  architect  for  the  U.S.  government's  Internet 
development  efforts  during  the  1980s.  “I’ve  had 
some  people  come  in  and  say,  'Can  we  rethink 
the  use  of  packets?”'  he  says. 

Among  the  goals  of  the  GENI  Initiative  would  be 
new  core  functionality  for  the  Internet,  including 
new  naming,  addressing  and  identity  architec¬ 
tures;  enhanced  capabilities,  including  additional 
security  architecture  and  designing  for  high  avail¬ 
ability;  and  new  Internet  services  and  applica¬ 
tions.  The  GENI  Initiative  is  described  at 
www.networkworld.com,  DocFinder:  8749. 

—  Grant  Gross,  IDG  News  Service 


» Recliner  recommended,  but  not  included. 
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Battle  virtual 

A  look  at  what  some  of  the  players  are  doing  with  server  virtualization  management: 


Vendor 

Product 

Features 

Availability 

BMC  Software 

Performance  Manager  for  Virtual 
Servers:  Performance  Assurance 
for  Virtual  Servers 

Automated  monitoring  and  management  capabilities  for  physical  and  virtual  systems 
and  partitions;  performs  capacity  planning  for  virtual  systems. 

Now 

Computer 

Associates 

Unicenter  Advanced  Systems 
Management 

Integrates  CA  management  technology  with  VMware  cluster  technology  to  discover 
and  manage  clusters  and  virtual  machines,  and  dynamically  reconfigure  resources. 

In  beta;  expected  to  be  announced  at 
November  CA  World  user  conference 

HP 

Virtual  Server  Environment 

Works  with  HP  workload  manager  software  to  reallocate  resources  from  a  pool 
of  dynamically  sizeable  virtual  servers  based  on  service-level  objectives. 

Now 

IBM 

Tivoli  Workload  and  Capacity 
Management  solution 

Enables  automated  application  process  and  batch  workload  distribution  among 
virtualized  resources  such  as  in  a  grid  environment. 

Now 

Microsoft 

Virtual  Server  R2 

Physical  to  virtual  migration,  clustering  failover,  integration  with  Microsoft 
Operations  Manager,  Linux  support. 

By  year-end 

Platform 

Computing 

VM  Orchestrator 

Automated  management  tool  for  heterogeneous  virtualized  environments,  including 
VMware,  Microsoft  Virtual  Server  and  Xen. 

Shipping  late  November 

SWsoft 

Virtuozzo  for  Linux 

Physical  to  virtual  migration,  enhanced  management  within  Virtuozzo  Control 
Center,  including  the  ability  to  clone  virtual  servers. 

Now 

Virtual  Iron 

Virtual  Iron  platform 

Supports  Xen  open  source  virtualization  technology,  paving  the  way  for  management 
of  heterogeneous  virtualized  environments. 

Now 

VMware 

ESX  Server 

Open  source  and  interfaces  to  make  it  easier  for  partners  to  develop  management 
tools  that  plug  into  VMware  virtual  machines. 

Now 

Virtualization 

continued  from  page  1 

expected  to  use  the  VMworid 
conference  in  October  to  debut 
software  that  will  let  users  moni¬ 
tor  a  shared  pool  of  virtual 
resources  and  deliver  capacity  in 
real-time  fashion.  The  vendor 
declined  to  comment  further  on 
product  details.  IBM,  meanwhile, 
put  its  focus  on  server  virtualiza¬ 
tion  last  week,  announcing 
updates  to  its  Tivoli  management 
products  to  let  end  users  sched¬ 
ule  batch  jobs  on  virtual 
resources  based  on  resource 
availability  For  more  details  on 
other  IBM  tivoli  management 
plans  see  page  25). 

In  addition,  a  range  of  vendors, 
including  Microsoft,  Platform 
Computing,  SWsoft,  Virtual  Iron 
and  VMware  have  made 
announcements  in  the  past  few 
weeks  related  to  more-advanced 
tools  for  virtualized  server  man¬ 
agement  (see  graphic). 

Server  virtualization  is  nothing 
new;  it  has  been  available  on 
mainframes  and  Unix  servers  for 
years.  But  it’s  relatively  recent  that 
end  users  have  been  able  to  divvy 
up  single  standards-based  sys¬ 
tems  into  virtual  partitions.  With 
that  technology  becoming  main¬ 
stream  —  Intel  and  Advanced 
Micro  Devices  plan  to  embed  vir¬ 
tualization  capabilities  into  their 
silicon  next  year,  and  Xen  now 
offers  an  open  source  virtualiza¬ 
tion  technology  —  the  focus  now 
is  more  about  how  to  manage 
those  virtualized  resources. 

The  user  view 

In  addition  to  seeing  manage¬ 
ment  products  from  VMware, 
users  expect  to  see  tighter  integra¬ 
tion  between  the  virtualization 
software  vendors  and  systems 
management  firms  such  as  IBM 
and  Computer  Associates. 

“We  believe  that  there  will 
evolve  a  data  center  operating 
system,”  says  Ron  Price,  CIO  at 
Priceline.com  in  Norwalk,  Conn. 
“Inevitably  you  will  see  unifying 
work  from  a  variety  of  compa¬ 
nies.  This  is  already  present  in 
provisioning  tools  from  Blade 
logic  and  Opsware.  Virtual  Iron, 
Xensource  and  VMware  are  try¬ 
ing  to  address  the  distribution  of 
a  unit  of  work.  Our  belief  is  that 
over  time,  all  of  these  characteris¬ 
tics  get  unified  into  an  overall 
system  similar  in  characteristics 
to  the  great  operating  systems  of 
the  mainframe  era  .. .but  applied 


across  all  these  individual  boxes 
in  the  data  center  rather  than  one 
individual  machine.” 

“It’s  all  part  of  a  larger  move 
toward  something  that  we’ve 
been  describing  as  data  center 
automation,  where  you’re  under¬ 
standing  all  your  resources  across 
the  data  center  whether  physical 
or  virtual,  and  enabling  the  ability 
to  share  resources  and  then  man¬ 
age  them  according  to  some  sort 
of  prioritization,” says  Frank  Gillett, 
principal  analyst  at  Forrester  Re¬ 
search.  “The  end  goal  is  to  get  to 
the  point  where  you  can  manage 
for  business  outcomes,  rather  than 
simply  saying, ‘OK,  that  server  gets 
this  much  capacity” 

“Capabilities  like  VMotion 
[which  lets  users  move  live  vir¬ 
tual  machines  among  physical 
servers]  and  VMware’s  upcom¬ 
ing  distributed  resource  sched¬ 
uler  allow  you  to  automatically 
and  dynamically  balance  work¬ 
loads  between  physical  ma¬ 
chines  transparently’  he  says.  “It 
really  makes  you  look  at  virtual¬ 
ization  not  just  for  the  hard  dol¬ 
lar  savings  but  also  for  the  softer 
day-to-day  operational  savings 
that  you  don’t  have  with  your 
typical  physical  machines.” 

It’s  this  goal  of  creating  a  dynam¬ 
ic  data  center  that  has  a  growing 
number  of  IT  managers  looking  at 
server  virtualization  products.The 
virtual  machine  software  market 
grew  more  than  62%  last  year  to 


$334  million  and  is  expected  to 
double  in  revenue  between  this 
year  and  2009,  according  to  IDC. 

Uncharted  territories? 

While  virtualization  on  x86  sys¬ 
tems  still  is  largely  relegated  to 
consolidation  efforts  in  test  and 
development  environments,  the 
trend  toward  virtualizing  more 
business-critical  workloads  is 
growing,  analysts  say  That  is  push¬ 
ing  systems  vendors  and  virtual¬ 
ization  software  vendors  to  step 
up  their  offerings  when  it  comes 
to  management  tools,  as  well  as 
cement  tighter  partnerships  to 
ensure  their  products  work 
together. 

“But  let’s  be  clear:  We’re  at  the 
very  early  stages  of  this,”  says 
Tony  lams,  senior  analyst  at  Ideas 
International. “Pfeople  are  just  fig¬ 
uring  out  what  they  can  do. . . .  A 
lot  of  [IT  managers]  are  still 
using  homegrown  tools  or  a  mix 
of  off-the-shelf  and  custom  prod¬ 
ucts  to  manage  virtualized  envi¬ 
ronments.” 

Alex  Cruz,  e-mail,  Web  and 
VMware  systems  administrator  at 
Dean  Health  System  in  Madison, 
Wis.,  hooks  his  VMware  virtual 
machines  to  IBM  Director  to  en¬ 
sure  that  the  virtual  servers  stay 
up  and  running. 

“With  Director,  if  a  virtual  ma¬ 
chine  dropped  dead,  Director 
would  know  it  stopped,  pull  up  its 
clone  and  then  fire  it  up  on  anoth¬ 


er  server^  he  says. 

The  goal  now  is  to  make  that 
kind  of  integration  easier. 

CA,  for  example,  will  talk  about 
Unicenter  Advanced  Systems 
Management  at  its  user  confer¬ 
ence,  a  product  that  will  combine 
technology  from  CAs  Unicenter 
Dynamic  Reconfiguration  option 
with  VMware  cluster  technology 
to  enable  automated  discovery  of 
clusters  and  virtual  machines,  and 
dynamic  reconfiguration  of  re¬ 
sources.  Unicenter  Network  and 
Systems  Management  software 
now  manages  the  health,  avail¬ 
ability  and  performance  of  a  vir¬ 
tualized  environment,  but  the  new 
release,  which  is  currently  in  beta 
tests  with  customers,  will  let  users 
automatically  shift  workloads 
across  a  single  resource  pool, 
company  officials  say 

For  its  part,  BMC  plans  to 
enhance  its  two  current  offerings 
for  managing  virtual  environ¬ 
ments,  Performance  Manager  and 
Performance  Assurance  for  Virtual 
Servers,  with  the  new  product  to 
be  unveiled  at  VMworid. 

IBM  also  is  focusing  on  virtual¬ 
ization  and  on  Friday  announced 
upgrades  to  its  Tivoli  Workload 
Scheduler  and  Tivoli  Intelligent 
Orchestrator.The  upgrades  let  soft¬ 
ware  allocate  batch  workloads 
across  available  virtual  resources 
based  on  pre-scheduled  jobs.That 
means  systems  managers  can  run 
jobs  alongside  transactional 


application  workloads  whenever 
there  is  available  capacity  elimi¬ 
nating  the  need  to  run  batch  jobs 
during  off-hours. 

The  software  uses  a  combina¬ 
tion  of  server  and  distributed 
agent  software  to  monitor  avail¬ 
able  resources  and  take  action 
based  on  user-defined  priorities. 
The  two  software  applications, 
along  with  Tivoli  Provisioning 
Manager,  comprise  IBM’s  manage¬ 
ment  software  bundle  for  virtual¬ 
ized  environments,  Tivoli  Work¬ 
load  and  Capacity  Management, 
which  costs  about  $2,900  per 
processor. 

More  to  come 

Users  can  expect  more  an¬ 
nouncements  in  the  coming 
months,  including  the  general 
release  of  Microsoft’s  Virtual 
Server  Release  2  product  by 
year-end. 

“There  are  about  40  different 
vendors  that  have  offerings  in  . . . 
virtualization  and  all  are  talking 
about  management  as  a  critical 
function,” says  Dan  Kusnetzkyvice 
president,  system  software  at  IDC. 

That  means  IT  managers,  even  if 
they’re  not  quite  ready  to  deploy 
virtualization  in  production  envi¬ 
ronments,  should  be  watching  the 
market  closely  particularly  how 
the  different  companies  partner. 
VMware,  for  example,  has  strong 
ties  with  all  of  the  major  systems 
vendors,  including  IBM  and  HPB 


Citrix  NetScaler 

makes  any  application 
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Google 

continued  from  page  1 

His  johnnyihackstuff.com  Web 
site  is  the  starting  point  for  any¬ 
one  looking  to  turn  Google  into  a 
hacker’s  tool.  At  its  heart  is  a 
repository  of  sneaky  queries 
called  the  Google  Hacking  Data¬ 
base,  which  got  its  start  nearly  six 
years  ago,  when  Long  posted  a 
few  of  what  he  refers  to  as  “funny 
or  interesting,  or  dangerous,” 
Google  queries  in  the  Internet. 

Initially  Long,  who  goes  by  the 
name  Johnny  Hax,  did  not  ex¬ 
pect  the  idea  of  using  Google  to 
break  into  computer  networks  to 
attract  any  kind  of  serious  study 

“It  was  sort  of  a  joke  actually’ 
he  says.“The  whole  Google  hack¬ 
ing  thing  was  supposed  to  be 
tongue-in-cheek,  because  I  knew 
that  the  real  hackers  would  get 
their  feathers  all  ruffled.” 

Instead  of  being  bent  out  of 
shape,  the  hackers  were 
intrigued,  and  Long’s  Google 
hacking  community  now  boasts 
nearly  60,000  members. 

At  the  recent  Black  Hat  security 
conference  in  Las  Vegas,  Long’s 
talk  on  Google  hacking  was  a 
standing-room-only  affair,  and  the 
Google  Hacking  Database  now 
stands  at  about  1,500  queries. 

“It  evolved  into  this  very  visible 
thing,”  says  Long,  a  researcher 
with  Computer  Sciences  Corp. 
and  author  of  “Google  Hacking 
for  Penetration  Testers.”“The  sheer 
weight  and  breadth  of  the  stuff 
that  we  dug  up  just  made  people 
go.'Wow?” 

Long,  who  talks  about  his 
Google  hacks  with  a  comic’s  tim¬ 
ing  and  a  laid-back  style,  says  that 
he  has  always  been  a  hacker  at 
heart.  He  claims  to  have  legiti¬ 
mately  broken  into  hundreds  of 
computer  networks  in  his  capaci¬ 
ty  as  a  professional  security 
researcher,  a  job  he  came  to  only 
after  abandoning  his  “wear  a  stu¬ 
pid  suit  and  climb  the  corporate 
ladder  phase.” 

The  list  of  what  Long  and  his 
fellow  Google  hackers  have 
been  able  to  dig  up  is  impres¬ 
sive:  passwords,  credit  card  num¬ 
bers  and  unsecured  Web  inter¬ 
faces  to  things  like  PBXs,  routers 
and  Web  sites. 

Hackers  also  use  Google  for 
reconnaissance.  One  of  the  most 
basic  techniques  is  to  wait  for  a 
major  security  bulletin  and  then 
use  Google  to  search  for  Web 
sites  that  are  “powered  by”  the 
buggy  software.  Attackers  can 


Professional  security  researcher 
Johnny  Long  has  always  considered 
himself  a  hacker  at  heart. 


also  map  out  computer  networks 
using  Google’s  database,  making 
it  impossible  for  the  networks’ 
administrators  to  block  the 
snooper. 

Often,  this  kind  of  information 
comes  in  the  form  of  apparently 
nonsensical  information,  some¬ 
thing  that  Long  calls  “Google 
turds.”  For  example,  because  there 
is  no  such  thing  as  a  Web  site 
with  the  URL“nasa,”a  Google 
search  for  the  query  “sitemasa” 
should  turn  up  zero  results. 
Instead,  it  turns  up  what  appears 
to  be  a  list  of  servers,  offering  an 
insight  into  the  structure  of 
NASAs  internal  network,  he  says. 

But  some  of  the  most  interest¬ 
ing  hacks  occur  when  Google’s 
servers  are  tricked  into  doing 
work  for  the  hackers,  Long  says.  A 
recent  trend  has  been  to  create 
Web  pages  with  thousands  of 
fake  links  that  trick  Google  into 
doing  hacker  reconnaissance 
work.The  technique  works  on 
Web  sites  that  require  URLs  with 
embedded  user  names  and  pass¬ 
words  for  access  to  some  areas. 

“You  load  up  this  page  so  it  has 
the  same  user  name,  but  you  try 
a  bunch  of  different  passwords  in 
the  links”  Long  says.“Then  the 
search  engine  picks  up  those 
links  and  tries  to  follow  them  all, 
but  only  caches  the  one  that 
works.  So  then  you  go  back  and 
pick  up  your  results,  and  you’ve 
actually  got  the  search  engine 
doing  your  dirty  work.” 

Although  hackers  used  search 
engines  before  Long  made  a 
name  for  himself,  the  power  and 
comprehensiveness  of  today’s 
engines,  including  Microsoft’s 
MSN  Search,  make  them  critical 
tools  for  computer  attackers,  says 
Mikko  Hypponen,  chief  research 
officer  with  security  company  F- 
Secure. 

“Search  engines  are  probably 


the  first  step,  because  they  are  a 
really  easy  way  of  getting  to 
know  the  target,  and  the  target 
has  no  idea  of  what  you’re 
doing,”  he  says.“Nowadays,  pretty 
much  any  hacking  incident  most 
likely  begins  with  Google.” 

To  what  extent  Google  is  paying 
attention  to  the  nefarious  possi¬ 
bilities  of  its  search  engine  is 
unclear.  Google  confirmed  that  it 
has  employees  who  work  in  this 
area,  but  the  company  wouldn’t 
allow  any  of  them  to  be  inter¬ 
viewed  for  this  story 

The  company  does  make  a 
practice  of  blocking  many  of  the 
Google  Hacking  Database 
queries  (often  right  after  Long 
makes  a  public  presentation  of 
them),  but  it  keeps  a  low  profile 
at  security  shows,  including 
Black  Hat. 

“Google  is  very  user-friendly  but 
the  general  consensus  is  that 
they’re  not  very  involved  in  the 
security  community?’  Long  says.  If 
Google  ever  does  pay  any  seri¬ 
ous  attention  to  the  hackers,  it 
could  end  up  developing  a 
whole  new  line  of  business,  Long 
believes.  Why  not,  for  example, 
create  a  kind  of  Google  Security 
Alerts  system  that  would  let  cus¬ 
tomers  know  when  some  of  the 
vulnerabilities  that  Long  and  his 
hacker  friends  have  been  discov¬ 
ering  are  found  on  a  specific 
Web  site? 

In  fact,  it’s  possible  that  Google 
might  have  such  a  product  in  the 
works.  Long  says  he  suggested 
this  idea  to  Google  Information 
Security  Officer  Stephen  Hansen 
nearly  two  years  ago,  right  after 
Hansen  had  signed  up  as  a  mem¬ 
ber  of  the  Google  Hacking 
Database  Web  site,  Long  says. 

“1  shot  him  an  e-mail  back,  and 
I  said, 'It’s  good  to  have  you  here. 
If  you  have  any  questions  or 
problems,  then  let  me  know?  And 
then  I  fired  the  idea  at  him  about 
a  security  service,”  he  says.  1  did¬ 
n’t  hear  anything  back  from  him. 
And  that  was  actually  the  only 
contact  I’ve  ever  had  with  some¬ 
body  at  Google.”  ■ 


Got  great  ideas? 


■  Got  a  suggestion  for  a  Wider  Net 
story?  An  offbeat  network  industry- 
related  topic?  A  fascinating  person¬ 
ality  we  should  profile?  Contact 
Bob  Brown  with  your  ideas  at 
bhtnm@nww.com. 


ERP  offering  relies 
on  open  source 

BY  JOHN  COX 

A  4-year-old  company  is  using  open  source  software  as  the  founda¬ 
tion  for  an  ERP  suite  targeted  at  small  and  midsize  manufacturers. 

OpenMFG  this  week  plans  to  release  Version  1.2  of  its  software, 
which  goes  by  the  same  name  as  the  company  and  includes  some 
200  changes  from  the  earlier  version.  While  most  of  the  changes  are 
small,  about  25%  of  them  came  from  the  company’s  network  of 
value-added  resellers  (VAR)  and  20  customers.  Those  changes 
reflect  the  fact  that  users  get  the  complete  source  code  for  the  vari¬ 
ous  OpenMFG  modules  and  can  make  changes  that  get  incorporat¬ 
ed  into  the  suite. 

The  suite  was  designed  for  manufacturers  and  can  be  readily  adapt¬ 
ed  for  discrete  and  process  manufacturing,  according  to  Ned  Lilly, 
OpenMFG’s  CEO  and  co-founder.  Modules  include  the  standard  ERP 
functions,  such  as  part  definition  for  bills  of  materials,  capacity  plan¬ 
ning,  inventory  management,  purchase  orders  and  a  complete  set  of 
financial  programs. 

The  software  uses  or  exploits  several  key  open  source  components. 
It  runs  on  several  operating  systems,  but  the  preferred  platform  is 
Linux.The  heart  of  the  application  is  the  PostgreSQL  object-relational 
database.  The  application  is  written  in  C++  using  Qt,  an  open  source 
tool  kit  from  Norway’s  Trolltech. 


Profile:  OpenMFG 


Location: 

Norfolk,  Va. 

rounaeo. 

December  2001 

Primary  business: 

Open  source  ERP  suite  for  small  and  midsize  manufacturers. 

GEO  and  co¬ 
founder: 

Financing: 

Ned  Lilly,  who  previously  was  corporate  venture  capital  director 
for  Landmark  Communications,  a  $1  billion-plus  media  and 
technology  holding  company. 

Privately  funded;  details  not  disclosed 

Customers: 

20,  including  ImagerLabs,  a  California  start-up  manufacturing 
low-light  imaging  sensors  and  subsystems;  and  Medal  LP,  a 
subsidiary  of  Air  Liquide  that  makes  gas  separation  membranes. 

Fun  fact: 

This  lean  vendor  has  just  eight  employees,  ail  in  a  small  office, 
yet  their  primary  means  of  communication  during  the  day  is 
via  instant  messaging. 

This  open  source  software  stack  eliminates  two  issues  that  make  it 
hard  for  smaller  firms  to  adopt  modern  ERP  products,  according  to 
Lilly  One  is  the  cost  of  licensing  proprietary  ERP  solutions  from  ven¬ 
dors  such  as  Microsoft,  Oracle  and  SAP“By  using  open  source  com¬ 
ponents  for  the  stack,  we’ve  changed  the  dynamics  of  who  can  afford 
it,”  he  says. 

The  company  offers  a  subscription  service  starting  at  $15,000  yearly 
or  a  traditional  software  licensing  scheme  at  $2,500  per  concurrent 
user.  A  typical  OpenMFG  deployment  would  cost  $30,000  to  $40,000 
per  year  for  about  15  users,  depending  on  the  number  of  modules 
selected  and  the  number  of  users.  Lilly  says  OpenMFG  is  typically  one- 
third  to  one-half  less  expensive  than  software  from  its  chief  rival  in  this 
market,  Microsoft. 

Second,  with  open  source  software,  customers  and  their  VARs  can 
readily  adapt  OpenMFG  to  meet  specific  requirements. One  example  of 
custom  code  is  a  feature  that  integrates  OpenMFG  with  the  package 
tracking  systems  from  UPS  and  FedEx. 

Rival  products  include  Microsoft  Business  Solutions,  which  com¬ 
bines  products  originally  acquired  from  Great  Plains  Software  and 
more  recently  from  Navision.ERP  companies  such  as  Oracle  and  SAP 
have  been  struggling  to  tailor  enterprise  products  for  small  to  midsize 
businesses.  ■ 
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Microsoft 

continued  from  page  1 

with  the  back  end  where  it  hopes  to  leave 
classic  telephony  companies  such  as  Cisco, 
Nortel,  Siemens  and  others  to  provide  infra¬ 
structure,  while  edging  those  vendors  out  of 
the  client-side  interface  arena. 

The  biggest  challenge  Microsoft  faces  is 
execution  of  its  plan,  Lazar  says.  And  com¬ 
petitors  agree. 

“Certainly  Microsoft  is  going  to  be  a  big 
force  in  collaboration  applications  and  we  are 
working  with  them  in  that  area,”  says  Charles 
Giancarlo,  Cisco’s  chief  development  officer. 
“But  in  terms  of  real-time  voice  and  video- 
based  collaboration,  where  you  have  to  deal 
with  all  the  issues  associated  with  a  pleasant 
and  easy  experience  with  voice  and  with 
video,  we  think  that  takes  a  systems  company 
not  just  a  software  company,  to  do  it  right.” 

Microsoft’s  traditional  competitors  also 


Third-party  tie-ins 

Microsoft’s  expansion  last  week  of  its  rela¬ 
tionship  with  Nortel  speaks  to  those  capabili¬ 
ties.  Nortel’s  Communication  Server  1000, 
which  is  based  on  Session  Initiation  Protocol, 
will  integrate  with  Live  Communications 
Server  2005  and  Communicator  2005.  Com¬ 
municator  will  let  users  initiate  calls  through 
the  corporate  phone  system;  provide  call  con¬ 
trol  features  such  as  forwarding,  transferring, 
conferencing;  and  answer  calls  placed  to 
desktop  phones  using  Communicator. 

But  Microsoft  is  coy  about  whether  it  plans 
to  become  a  telephony  player. 

“This  [Nortel  partnership]  isn’t  turning  Live 
Communications  Server  and  Communicator 
into  a  PBX,”  says  Paul  Duffy,  senior  product 
manager  in  the  real-time  collaboration  group 
at  Microsoft.  “It  is  providing  integration  with 
telephony  assets  [that]  customers  already 
have.”  Duffy  would  only  say  Microsoft  is  listen¬ 
ing  to  customers  when  asked  if  Microsoft 


The  VoIP  play 

Microsoft  last  week  bought  Teleo,  a  VoIP  soft¬ 
ware  and  services  provider  whose  technology 
specifically  click-tocall  that  lets  users  click  on 
a  phone  number  in  any  Web  page  to  dial,  will 
be  integrated  with  MSN  Messenger  and  other 
products  and  services  the  company  did  not 
specifically  name.Teleo  was  planning  to  intro¬ 
duce  a  service  that  would  let  users  place  calls 
from  their  PCs  using  Microsoft  Outlook  and 
Internet  Explorer. 

Microsoft  already  has  VoIP  features  in  its 
MSN  Messenger  that  allow  PC-to-PC  calls;  the 
Teleo  technology  will  add  PC-to-cell  and  wire- 
line  phones. 

In  the  short  term,  the  acquisition  helps 
Microsoft  compete  with  Skype,  a  PC-based 
VoIP  client,  and  with  Google  Talk.  But  in  the 
long  term,  Teleo  technology  could  bleed  into 
Office-based  collaboration  products  and 
Microsoft’s  Xbox  gaming  platform,  according 


Yak,  yak,  yak 

Since  2003,  when  it  debuted  Live  Communications  Server  and  Live  Meeting,  Microsoft  has  steadily  increased  the  integration 
between  voice  and  its  collaboration  platform.  Here  is  a  look  at  significant  milestones  for  this  year  and  next: 


January  2005  August  2005 

Office  Live  Microsoft  buys  Teleo,  a  VoIP  software  and  services  provider. 

Communications  •  Announces  application  integration  partnership  with  Nortel. 

Server  2005  ships.  •  Arel  announces  integration  of  its  multi-point  audio  and  video  services  with  Live  Meeting,  Communicator  and  Live  Communications  Server. 

I  t 


2005 

June  2005  - - 

Office  Communicator  2005  client  ships;  Microsoft 
announces  partnerships  with  Siemens,  Alcatel 
and  Mitel  for  integration  with  PBX. 


2006 


December  2005  - — - 1 

Before  year-end,  Microsoft  plans  to  release  first 
beta  of  Windows  Mobile  Client,  which  is  based  on 
Communicator  and  will  bring  voice  to  mobile  devices. 


Second  half  of  2006  I 

While  its  shipping  date  is  not  official,  Exchange  Server  12 
is  expected  to  include  unified  messaging  features  that  can 
handle  VoIP,  and  PBX-based  voice  mail  messages. 


aren’t  standing  still.  IBM/Lotus  teamed  earlier 
this  month  with  Avaya  to  integrate  voice  soft¬ 
ware  and  “click-to-call”  features  with  e-mail, 
Web  conferencing  and  instant  messaging  soft¬ 
ware  on  the  Notes/Domino  and  Sametime 
platforms. The  partnership  will  provide  similar 
features  Microsoft  is  gaining  from  Nortel  and 
earlier  partnerships  this  year  with  Siemens, 
Alcatel  and  Mitel. 

“With  regards  to  voice,  we  are  not  talking  just 
about  Volf?  we  are  talking  about  call  control 
and  all  the  things  you  can  do  with  a  desktop 
phone  todayf  says  Peter  Pawlak,  an  analyst 
with  independent  research  firm  Directions  on 
Microsoft.“What  can  you  do  with  an  interface 
that  is  basically  a  digital  keypad?  With  a  soft¬ 
ware  interface,  you  can  do  a  ton  of  things:You 
can  display  the  caller  ID  and  see  if  it  pops  up 
anyone  in  your  contact  list.  You  can  take  the 
call  to  voice  mail  with  a  right  click.  You  can 
forward  it  to  someone  else,  you  can  take  the 
call  by  clicking  on  the  answer  button.You  can 
say  1  want  to  conference  in  someone  and  you 
can  look  them  up  in  your  Outlook  address 
book  and  hit  conference  and  it  sends  a  signal 
to  the  switch  to  ring  somebody’s  extension. 
Basically  your  PC  becomes  your  interface  to 
the  PBX  functions.” 


would  become  the  PC  interface  to  voice. 

But  the  idea  is  intriguing  to  some  users. 

Nortel  customer  Joanne  Kossuth,  CIO  at 
Franklin  W  Olin  College  of  Engineering  in 
Needham,  Mass.,  says  she  is  interested  in 
enabling  users  to  initiate  phone  calls  from 
desktop  Communicator  clients;  receive  pop- 
ups  that  indicate  users  have  phone  calls;  and 
enable  users  to  receive  calls,  forward  them  or 
transfer  them.  “If  you  make  it  a  button  in  an 
application,  people  are  going  to  use  it.  If  you 
make  it  a  whole  new  application  where  peo¬ 
ple  have  to  get  trained  they’re  going  to  be  less 
likely  to  use  it,”  she  says. 

She  says  Communicator  might  help  sup¬ 
port  seniors  working  on  engineering  projects 
with  businesses  that  they  must  stay  in  touch 
with  at  least  once  a  week.  “Being  able  to  use 
the  Communicator  and  seeing  pop-ups  for 
specific  calls  flags  their  attention  if,  say,  it’s 
their  adviser  calling  from  the  company?’ 
Kossuth  says. 

Microsoft,  however,  is  not  ignoring  the 
white-hot  VoIP  market,  where  the  use  of  IP 
PBXs  is  poised  to  soar.  Market  watcher  In-Stat 
predicts  sales  of  these  devices  will  represent 
51%  of  all  PBX  sales  this  year  and  grow  to 
91%  worldwide  by  2009. 


to  a  research  note  issued  last  week  by  Gold¬ 
man  Sachs. 

Teleo  supports  call  forwarding,  conferencing 
and  voice  mail  features  that  could  easily  find 
their  way  into  corporate  products. 

A  Microsoft  spokeswoman  says  use  of 
Teleo  technology  beyond  MSN  has  yet  to  be 
determined. 

In  addition,  Xbox  Live,  with  2  million  sub¬ 
scribers,  is  one  of  the  largest  VoIP  services  in 
existence  and  provides  Microsoft  with  a 
healthy  test  environment  for  future  products. 
Later  this  year  when  it  ships  Xbox  360, the  next 
version  of  the  platform,  it  will  include  voice 
chat  as  a  built-in  feature  and  could  add  mil¬ 
lions  more  VoIP  users. 

With  Microsoft’s  all  encompassing  efforts, 
however,  come  the  usual  fears  about  plat¬ 
form  lock-in. 

“You  make  an  instant  messaging  decision 
and  all  of  a  sudden  you  have  made  a  deci¬ 
sion  that  will  really  influence  what  you  will 
do  with  IP  telephony  and  VoIP”  says  Mike 
Gotta,  an  analyst  with  Burton  Group.  “By 
going  to  Communicator  [which  supports  IM] 
and  Live  Communications  Server,  that  is  a 
product  leap.  What  you  really  need  first  is  an 
architecture  leap.”  ■ 
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Short  Takes 


■  Microsoft  plans  to  release  an 
add-on  to  MSN  Search  Toolbar  aimed 
at  protecting  Web  users  from  phish¬ 
ing  scams.  The  technology  is  similar 
to  an  anti-phishing  tool  the  company 
previously  said  will  be  available  in 
Internet  Explorer,  which  is  not  yet  in 
public  release.  The  phishing  filter  — 
which  issues  a  pop-up  window  warn¬ 
ing  if  a  user  navigates  to  a  Web  site 
that  exhibits  behavior  typical  of  phish¬ 
ing  sites,  and  blocks  access  to  cur¬ 
rently  recognized  phishing  sites  — 
will  be  available  for  Internet  Explorer 
6  running  on  Windows  XP  with  SP2 
installed.  The  technology  will  be  avail¬ 
able  in  test  release  in  a  few  weeks 
from  http://addins.msn.com,  but 
Microsoft  did  not  give  a  more  specific 
time  frame  for  the  beta  release,  or  a 
subsequent  production  release  of  the 
filter,  The  technology  might  eventually 
end  up  as  a  permanent  feature  of  the 
MSN  Search  Toolbar,  but  that  has  yet 
to  be  determined,  the  company  says. 
Rolling  it  into  MSN  Search  Toolbar 
also  could  help  the  company  win 
some  footing  in  the  search  market 
against  rivals  Google  and  Yahoo,  the 
company  says. 

■  SeCureLogix,  a  maker  of  telecom 
and  IP  telephony  security  gear, 
launched  an  upgrade  to  its  Enter¬ 
prise  Telephony  Management 
box,  adding  support  for  H.323  to  the 
telecom  firewall  device.  The  ETM  box, 
which  supports  Session  Initiation 
Protocol,  ISDN-Primary  Rate 
Interface  and  analog  telephone  traf¬ 
fic,  can  filter  and  block  suspicious 
H.323  traffic,  the  vendor  says.  The  box, 
in  its  fifth  version,  is  used  in  front  of 
PBXs  or  IP  PBXs  to  stop  toll  fraud, 
VoIP  network  hacking  and  other  mali¬ 
cious  telephony-related  activities. 
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Reactivity  secures  RSS  traffic 


Security  RSS 


Reactivity  says  its  XML  security  gateways  can  secure  real-time 
communications  traffic  generated  by  Real  Simple  Syndication,  or  RSS,  which 
is  growing  in  popularity  but  has  yet  to  find  a  foothold  as  a  corporate  application. 


Directory  Web  Service  A 


1  User's  RSS  reader  attempts  to  pull  data  from  back-end  Web  service.  __ 

2  Reactivity  XML  Security  Gateway  validates  the  user  has  permission  to  access  the  data  and  authenticates 
the  user  through  corporate  identity  management  infrastructure.  . 

3  Data  is  pulled  in  XML  format  from  back-end  Web  service  and  transformed  into  RSS  format  and  delivered 
to  user's  desktop. 


BY  JOHN  FONTANA 

Reactivity  last  week  added  support  for  the 
Real  Simple  Syndication  format  to  its  XML 
gateway  technology  providing  a  way  for 
users  to  secure  and  control  access  to  infor¬ 
mation  distributed  using  the  real-time  com¬ 
munication  technology 

While  instant  messaging,  presence  and 
Web  conferencing  are  now  the  dominant 
real-time  corporate  communications  tools, 
RSS  is  in  its  infancy  but  gaining  popularity 

RSS  is  an  XML  format  widely  used  to  syn¬ 
dicate  news  from  blogs  or  news  sites  and 
has  become  popular  with  publishers,  mar¬ 
keting  firms  and  advertisers.  RSS  feeds  alert 
users  to  the  availability  of  new  content  on 
Web  sites  or  blogs.  RSS  can  carry  HTML  tags 
and  content,  such  as  audio  files,  but  also 
can  transport  malicious  content  such  as 
malware  and  spam. 

With  Microsoft’s  recent  announcement 
that  it  will  add  XML-based  syndication  into 
its  Internet  Explorer  7.0  browser,  the  capa¬ 
bility  to  use  the  technology  will  soon  be  in 
the  hands  of  many  more  end  users. 

“Enterprises  are  looking  at  many  scenar¬ 
ios  for  RSS,”  says  Ray  Valdes,  research  direc¬ 
tor  for  Gartner.“How  about  a  blog  within  a 
department  that  is  associated  with  a  pro¬ 
ject,  and  distributing  information  through 
the  blog.  And  RSS  is  not  just  for  human 


authors.  It  could  be  used  to  distribute  infor¬ 
mation,  like  a  report,  that  is  automatically 
generated  by  an  application.  Where  a  cur¬ 
rent  system  might  e-mail  the  report,  now 
you  could  use  RSS  to  distribute  the  report.” 

RSS  is  not  a  stand-alone  tool  and  will 
require  that  current  systems  be  updated  or 
modified  to  integrate  with  it,  Valdes  says. 
And  there  will  be  many  ways  to  secure  RSS 
traffic. 

“Just  like  today  with  e-mail,  you  can 


encrypt  it,  send  it  over  a  VPN  or  use  some 
other  security  mechanism,”  he  says. 

Reactivity  is  hoping  to  secure  RSS  traffic 
with  its  XML  Security  Gateway  and  SOA 
Gateway,  both  of  which  can  authenticate 
access,  secure  transport,  encrypt  single  and 
aggregated  RSS  feeds,  and  transform  RSS 
data  to  and  from  other  XML  formats.  It 
includes  tracking,  auditing  and  reporting 
features. 

See  RSS,  page  20 


Intel-Cisco  deal  aims  to  improve  Wi-Fi 


BY  STEPHEN  LAWSON,  IDG  NEWS  SERVICE 

A  joint  development  project  announced 
at  the  recent  Fall  Intel  Developer  Forum  by 
Intel  and  Cisco  could  improve  the  perfor¬ 
mance  and  quality  of  corporate  VoIP  net¬ 
works. 

The  companies  want  to  ensure  Wi-Fi  wire¬ 
less  LANs  deliver  good  VoIP  quality  and  as 
much  data  capacity  as  possible,  say  high- 
level  executives  at  Intel  and  Cisco.  With 
their  domination  of  the  PC  and  network 
equipment  industries,  the  partners  are  well 
positioned  to  make  those  capabilities  wide¬ 
spread  even  if  there  isn’t  a  formal  standards 
group,  according  to  industry  analysts. 

The  Business  Class  Wireless  Suite,  expect¬ 
ed  to  be  available  in  the  first  half  of  next 
year,  is  the  first  part  of  a  broad  initiative  by 
Intel  and  Cisco  to  improve  the  Wi-Fi  experi¬ 
ence  in  homes  and  corporations. The  com¬ 


panies  were  vague  about  that  broader  pro¬ 
ject  but  gave  some  details  about  the  first 
two  results  of  their  cooperation,  which  is 
aimed  at  business  users. 

With  the  VoIP  technology,  Intel  Centrino 
chipsets  in  notebook  PCs  using  the  upcom¬ 
ing  Napa  architecture  will  be  able  to 
reserve  capacity  on  a  Wi-Fi  access  point 
and  communicate  the  need  for  packet  pri¬ 
oritization  to  guarantee  call  quality,  says 
Dave  Hofer,  director  of  marketing  for  Intel’s 
wireless  networking  group.  On  a  standard 
Wi-Fi  network,  a  VoIP  call  has  to  contend 
with  other  data  packets  being  exchanged 
by  one  or  more  users,  and  sound  quality 
can  suffer. 

The  aim  is  to  let  companies  offer  reliable, 
good  voice  quality  over  WLANs.  Intel  also 
might  work  with  other  vendors  to  help 
users  get  the  most  out  of  the  new  VoIP  capa¬ 


bilities,  Hofer  says.  In  the  first  instance  of 
this,  Avaya  announced  at  IDF  that  it  will 
optimize  its  IP  Telephony  Softphone  for 
Centrino  laptops  using  the  Napa  architec¬ 
ture.  With  the  Avaya  softphone,  the  Business 
Class  Wireless  Suite  will  deliver  better  call 
quality  Hofer  says. 

The  other  technology  in  the  works  could 
bring  even  bigger  changes.  It  lets  network 
managers  use  the  available  capacity  on  an 
access  point,  rather  than  just  the  strength  of 
the  radio  signal,  as  a  factor  in  assigning 
each  user  to  an  access  point.  That  means 
that  if  the  access  point  nearest  a  user  is 
overloaded  with  other  connected  clients, 
the  user  can  be  automatically  hooked  up 
with  another  nearby  access  point.  This  is 
already  possible  with  many  enterprise  Wi-Fi 
systems,  including  new  Cisco  products 

See  Intel,  page  20 
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SonicWall  offers  versatile  security  platform 


BY  TIM  GREENE 

SonicWall  this  week  is  introducing  a  new 
multifunction  security  device  that  can  scan 
for  a  laundry  list  of  malicious  activity  with¬ 
in  corporate  networks  and  keep  outbreaks 
contained  to  LAN  segments. 

Called  Pro  4100,  the  appliance  performs 
anti-virus,  anti-spyware,  anti-spam,  intrusion- 
prevention  and  anti-phishing  screening  as 
well  as  keeping  track  of  where  proprietary 
data  moves.  It  also  acts  as  a  VPN  gateway 
and  performs  endpoint  scanning  to  see 
whether  machines  attempting  to  access  the 
network  meet  corporate  security  policies. 

The  company  says  this  is  part  of  its  uni¬ 
fied  threat  management  family  of  prod¬ 
ucts  that  includes  the  Pro  4060  for  distrib¬ 
uted  networks  and  the  Pro  5060  for  large 
data  centers.These  devices  all  support  the 
same  set  of  security  functions  but  at  vary¬ 
ing  capacities  and  with  varying  numbers 
and  types  of  ports.  Companies  making 


similar  gear  include  Cisco,  Fortinet, 
Juniper,  Symantec,  ServGate  and  Secure 
Computing. 

These  multifunction  platforms  are  attrac¬ 
tive  because  they  can  be  placed  at  critical 
network  junctions  to  thoroughly  screen  traf¬ 
fic  for  a  broad  spectrum  of  threats  and 
block  the  ones  they  identifyAn  1DC  study  of 
the  devices  says  advantages  include  reduc¬ 
ing  network  complexity  by  eliminating 
many  separate  pieces  of  hardware,  simplify¬ 
ing  remote  security  and  bringing  networks 


back  up  quicker  when  they  fail  by  replac¬ 
ing  one  box  rather  than  troubleshooting 
multiple  boxes. 

This  type  of  device  also  is  supplanting 
popular  firewall/VPN  appliances  and  will 
overtake  them  in  2008,  the  study  says. 

With  10  1G  bit/sec  Ethernet  ports, 
SonicWall’s  new  device  can  support  a  large 
site  with  multiple  network  segments  and 
keep  the  traffic  physically  separated.  This 
high  port  count  is  meant  for  businesses  that 
have  many  devices  sandwiched  between 


firewalls  in  isolated  network  segments 
accepting  traffic  from  the  Internet.  The  Pro 
4100  boxes  can  thoroughly  examine  traffic 
and  drop  it  based  on  whether  it  finds  activ¬ 
ity  or  signatures  that  indicate  it  might  be 
malicious. 

The  devices  also  can  be  used  to  terminate 
wireless  LANs,  providing  VPN  security  as 
well  as  threat  mitigation  for  Wi-Fi  network 
segments. 

Pro  4100  supports  Sonic  Wall’s  Global 
Management  System  software  and  its 
Viewpoint  reporting  software  so  customers 
can  set  policies  and  manage  thousands  of 
the  devices  from  a  single  platform  and  gen¬ 
erate  reports  on  threat  activity 

SonicWall  says  the  device  has  an  800M 
bit/sec  firewall  and  350M  bit/sec  VPN  that 
can  support  1,500  IPSec  remote  access 
users. 

SonicWall  Pro  4100  costs  $7,000  and  is 
available  now.B 


Intel 

continued  from  page  19 

acquired  in  its  purchase  of  Airespace,  Intel’s  Hofer  says.  But  the  tech¬ 
nology  Intel  and  Cisco  are  developing  puts  more  intelligence  on  the 
client  and  allows  for  real-time  moves  as  conditions  in  a  network 
change,  he  says. 

Both  new  technologies  are  coming  specifically  to  Intel’s  Napa  platform 
and  new  Cisco  network  gear,  Hofer  says.They  could  later  find  their  way 
into  the  Cisco  Compatible  Extensions  program,  under  which  many  ven¬ 
dors  add  capabilities  to  theirWi-Fi  gear  to  work  with  Cisco  networks, and 
into  formal  industry  standards,  he  says. 

The  features  eventually  need  to  be  standardized  so  they  can 
become  available  to  all  users,  analysts  say  This  is  in  the  two  compa¬ 
nies’  interests,  too,  they  say.  Within  six  months  to  two  years,  Intel  and 
Cisco  will  submit  their  technology  to  a  standards  body  for  ratifica¬ 
tion,  predicts  IDC  analyst  Abner  Germanow.  Intel  wants  to  promote 
the  use  of  notebooks  for  voice,  and  both  companies  want  to  drive 
the  use  of  Wi-Fi  as  much  as  possible,  he  says. 

“At  some  point  it  needs  to  be  bigger  than  the  two  of  them  in  order  to 
really  drive  the  goals  of  this  endeavor^’  Germanow  says. 

But  with  Intel  dominating  PCs  and  Cisco  holding  about  60%  of  the 
enterprise  WLAN  market,  according  to  Dell’Oro  Group,  a  research 
company,  the  new  technology  will  become  widespread  in  any  case, 
analysts  say 

The  companies  are  taking  aim  at  the  right  problems,  according  to 
analysts. 

WLANs  lag  behind  wired  networks  because  they  have  been  designed 
for  range  and  signal  strength  rather  than  ample  capacity  which  is  what 
users  really  need, says  Craig  Mathias,  principal  at  advisory  and  systems 
integration  company  Farpoint  Group.  The  802.11  standards  don’t  give 
clients  a  way  to  tel!  which  access  points  have  available  network  capac¬ 
ity  For  network  administrators,  this  means  a  lot  of  uncertainty  Mathias 
says.  Whereas  on  a  wired  network  they  can  decide  how  many  clients  to 
plug  into  a  switch,  on  a  standard  WLAN  they  can’t  control  how  many 
clients  try  to  use  a  given  access  point. 

In  addition,  reliable  voice  quality  on  Wi-Fi  PCs  will  become  critical, 
Germanow  says.  Most  business  won’t  buy  specialized  Wi-Fi  phones  but 
will  put  softphones  on  employees'  notebook  PCs,  he  says.  Most  business 
calls  in  an  office  are  not  made  while  walking  around,  according  to 
Germanow.And  college  students  already  use  notebooks  for  voice  calls 
on  Skype’s  VoIP  service  and  on  voice-capable  instant  messaging  sys¬ 
tems,  he  says.B 


Juniper,  Meru  join  forces 

Their  pairing  might  push  them  closer  to  Cisco  Wi-Fi  territory. 


BY  PHIL  HOCHMUTH 

Juniper  Networks  last  week  said  it  is  teaming 
with  Meru  Networks,  a  Wi-Fi  VoIP  gear  maker,  to 
offer  joint  product  packages  to  corporate  users. 

Meru  is  joining  Juniper’s  third-party  sales  and 
support  service,  the  J-Partner  Infrastructure 
Alliance.The  two  vendors  will  sell  Juniper’s  enter¬ 
prise  firewall,  routing  and  security  along  with 
Meru’s  wireless  LAN  access  points,  which  are 
geared  toward  supporting  VoIP  over  WLANs. 

Meru  makes  WLAN  gear  that  is  aimed  at  latency- 
sensitive  traffic  requiring  fast  handoffs  among 
access  points,  such  as  voice-over-WLAN.  Its  Air 
Traffic  Control  gear  provides  QoS  for  radio  fre¬ 
quency  signals  in  the  air,  prioritizing  VoIP  signals, 
while  allowing  large  concentrations  of  voice  con¬ 
nections  on  an  access  point. 

Juniper,  which  is  strong  in  carrier  routing,  as  well 
as  enterprise  firewall  and  security  (thanks  to  its 
2004  purchase  of  NetScreen),  has  been  trying  to 
break  into  enterprise  routing  with  the  introduction 


of  its  J-Series  WAN  routers  for  corporate  branch 
offices  and  larger  sites. 

The  vendor,  long  a  thorn  in  Cisco’s  side  in  the  car¬ 
rier  market,  also  is  trying  to  expand  its  enterprise 
presence  in  enterprise  application  acceleration, 
with  buyouts  of  traffic  optimizer  firms  RedLine 
Networks  and  Perabit  Networks  earlier  this  year, 
spending  $469  million  on  the  two  companies. 

Getting  closer  to  Meru  gives  Juniper  more 
pieces  to  the  corporate  network  it  appears  to 
covet  —  VoIP  and  Wi-Fi  technologies.  Earlier  this 
year,  rumors  swirled  that  Juniper  might  purchase 
a  WLAN  company,  possibly  Trapeze  Networks  or 
Aruba  Wireless  Networks,  to  counter  Cisco’s 
Airespace  WLAN  buy  in  January.  The  vendor  has 
been  quiet  since. 

Juniper  and  IP  PBX/phone  maker  Avaya  agreed 
in  May  to  co-market  and  develop  gear  for  enter¬ 
prises.  In  March,  Juniper  bought  carrier  VoIP  gear 
marker  Kagoor  Networks  for  $67.5  million  for  the 
company’s  session  border  control  products.  ■ 


RSS 
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Reactivity  officials  say  those 
capabilities  will  let  corporate 
users  ensure  data  privacy  and  pro¬ 
tection  and  meet  government 
compliance  mandates. 

Reactivity  is  partnering  with  ser¬ 
vice  provider  SimpleFeed,  which 
provides  a  service  to  transform 
corporate  documents  into  RSS 
formats  for  the  nearly  600  varieties 
of  RSS  readers  available  today 


Reactivity  also  envisions  the 
gateway  for  use  behind  a  firewall, 
transforming  XML  messages  from 
back-end  Web  services  into  spe¬ 
cific  RSS  formats  supported  by 
specific  readers.  For  instance,  a 
bank  could  use  the  gateway  to 
support  RSS  notifications  to  cus¬ 
tomers  when  checks  clear. 

Reactivity’s  gateways  support 
SSL  for  encrypted  transport  and 
integrate  with  identity  manage¬ 
ment  infrastructures  to  authenti¬ 
cate  users  requesting  RSS  feeds. 


Company  officials  say  they  did¬ 
n’t  add  any  new  technology  to 
Reactivity’s  gateway  products  cur¬ 
rently  shipping,  but  both  pieces  of 
software  have  been  validated  that 
they  can  secure  RSS’s  XML  for- 
mat.That  means  users  of  the  cur¬ 
rent  versions  of  the  software  can 
secure  RSS  traffic.  ■ 
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Exchange  protection 


software  debuts 


Neverfail  for  Exchange 


The  software  is  designed  to  ensure  Exchange  server  availability. 


-iOSI 


The  administrator  can  set 
a  policy  that  affects  what 
a  failed  server  will  do. 


Here,  IT  has  determined  that  the  server  will  be  restarted 
twice,  and  if  that  doesn't  solve  the  problem,  the  application  wil 
JTTE  be  failed  over  to  another  machine.  In  this  panel,  IT  can 
start  and  stop  the  heartbeat  monitoring  function. 

: — “ T 
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BY  DENI  CONNOR 

The  Neverfail  Group,  a  company  that  got 
its  start  as  a  disaster  recovery  consultancy 
in  the  early  1990s,  has  begun  selling  soft¬ 
ware  designed  to  ensure  that  Microsoft  Ex¬ 
change  servers  stay  up  and  running. 

Neverfail  for  Exchange  lets  two  servers 
work  together  to  create  a  real-time,  dupli- 


Short  Takes 


■  SWsoft  has  signed  a  partnership 
with  HP  to  provide  support  for  its  vir¬ 
tualization  software  on  the  server 
maker's  Itanium  2-based  Integrity 
machines.  End  users  now  can  get 
support  for  Virtuozzo  for  Linux  on 
Integrity  servers  directly  from  HP. 
SWsoft  announced  support  for 
Itanium-based  systems  in  July. 

Unlike  competitors  VMware  and 
Microsoft,  SWsoft  virtualizes  at  the 
operating  system  level,  creating  mul¬ 
tiple  virtual  servers  atop  a  single 
operating  system  on  one  physical 
machine.  As  a  result,  SWsoft  sup¬ 
ports  64-bit  environments  not  only  in 
the  host  operating  system,  but  in  the 
multiple  virtual  servers  that  the  virtu¬ 
alization  software  creates,  company 
executives  say. 

■  IBM  last  week  enhanced  its  stor¬ 
age  management  software  by 
improving  installation,  configuration 
and  reporting  options  and  adding  sup¬ 
port  for  IBM's TotalStorage  DS4800, 
DS6000  and  DS8000  storage  arrays. 
The  company's  IBM  TotalStorage 
Productivity  Center  also  has  the 
ability  to  automate  manual  storage 
tasks  such  as  provisioning  disks.  The 
company  announced  that  it  is  offering 
4G-bit/sec  Fibre  Channel  connectivity 
on  its  DS4800  midrange  storage  sys¬ 
tem,  as  well  as  16G  bytes  of  cache 
and  operations  at  550,000  I/Os  per 
second.  IBM  TotalStorage  Prod¬ 
uctivity  Center  is  expected  to  be 
available  this  month  priced  per  ter¬ 
abyte  under  management.  The 
TotalStorage  DS4800  model  88a  also 
is  expected  to  be  available  this  month 
starting  at  $108,000. 


cate  copy  of  messaging  data.  One  server 
watches  the  other  via  software  called 
Neverfail  Heartbeat.  If  the  watched  server 
should  fail  or  look  as  if  it  is  going  to,  Never- 
fail’s  software  steps  in  and  creates  a  dupli¬ 
cate  of  all  the  data,  applications  and  oper¬ 
ating  systems  on  the  secondary  server. 
With  this  approach,  users  might  not  be 
aware  that  they  are  working  on  a  different 
physical  server,  Neverfail  says. 

Craig  Foss,  IT  director  for  Mattress  Dis¬ 
counters  in  Upper  Marlboro,  Md.,  uses 
Neverfail  to  protect  his  Exchange  server. 

“Our  Exchange  server  going  down  was 
what  prompted  our  research  into  failover 
products  to  begin  with.We  were  looking  for 
a  failover  solution,  so  that  if  our  primary  e- 
mail  server  went  down,  e-mail  for  the  com¬ 
pany  would  continue  to  floW’  he  says. 

Foss  says  he  couldn’t  afford  the  cost  of 
clustering  his  servers  or  remote  vaulting  ser¬ 
vices  to  achieve  high  availability 

Neverfail  is  focusing  exclusively  on  the 
Windows  server  market.  The  company  also 
has  fault-tolerant  application  modules  for 
SQL  Server,  ShareFbint,  Internet  Information 
Server  and  Microsoft  file  servers.  It  has  soft¬ 
ware  for  applications  such  as  IBM’s  Web¬ 
Sphere  MQ  that  run  on  Windows  servers. 

Neverfail  sells  all  its  application  modules 


Novell  released  its  third-quarter  financial 
results  a  couple  of  weeks  ago  (its  fiscal  year 
runs  ends  Oct.  31),  and  the  picture  wasn’t 
very  pretty  While  revenue  fell  slightly  (from 
$305  million  to  $290  million),  profits  tum¬ 
bled  from  $24  million  to  just  $2  million 
from  the  previous  third-quarter  results.  Of 
course,  that  $24  million  last  year  included 
$19  million  from  a  settlement  of  the  DR- 
DOS  suit  against  Microsoft.  Still,  that  means 
profit  from  real  business  fell  from  $5  million 
to  $2  million  —  not  a  very  good  sign. 

A  year  ago  I  noted  that  NetWare  was  still 
Novell’s  best-selling  product  during  the 
third  fiscal  quarter.  1  can’t  say  that  again  this 
year,  though.  Not  because  NetWare  sales  are 
down,  though  I’m  sure  they  are.  It’s  just  that 


with  a  software  product  called  Server 
Check  Optimization  Performance  Eval¬ 
uation  (SCOPE),  which  monitors  a  network 
before  Neverfail  installation  for  potential 
bottlenecks  or  failures. 

The  company’s  products  compete  with 
NSI  Software  and  LiveVault,  and  with 


they’re  no  longer  reported  separately.  In¬ 
stead,  there’s  a  consolidated  category 
called  “Linux  and  Platform  Services,” 
which  includes:  Open  Enterprise  Server; 
SuSE  Linux  Enterprise  Server;  SuSE  Linux 
Professional;  NetWare;  Small  Business 
Suite;  and  Cluster  Services.  All  of  the  rev¬ 
enue  gets  lumped  together. 

In  a  surprising  bit  of  marketing  legerde¬ 
main,  $45  million  in  revenue  from  this  cate¬ 
gory  was  called  “Linux-related  product  rev¬ 
enue."  But  over  two-thirds  of  that  money 
was  attributed  to  Open  Enterprise  Server 
sales,  with  the  balance  coming  from  the 
other  areas  of  the  Linux  and  Platform 
Services  group. 

Yes,  Open  Enterprise  Server  does  ship 
with  a  SuSE  Linux  Enterprise  Server  core. 
But  it  also  ships  with  a  traditional  NetWare 
core.  Who’s  to  say  which  core  the  pur¬ 
chasers  are  thinking  about  when  they  buy? 
Who’s  to  say  which  they  install  and  in  what 


clustering  software  from  Microsoft  and 
FblyServe. 

Neverfail  for  Exchange  starts  at  $6,500. 
This  price  includes  Neverfail  Heartbeat,  the 
Neverfail  for  Exchange  module  and  SCOPE 
analysis.  Other  application  modules  cost 
$  1 , 1 00  per  processor.  ■ 


numbers?  Novell  hasn’t  released  any  usage 
statistics,  so  we’re  free  to  make  our  own 
guesstimates,  I’d  say 

These  third-quarter  results  don’t  reflect 
Novell’s  recent  movements  in  Asia,  buy¬ 
ing  out  its  Indian  sales  partner,  as  well  as 
announcing  a  Chinese  R&D  center  and  a 
Chinese-language  version  of  OpenSuSE. 
The  hope  is  that  these  moves  should  con¬ 
tribute  a  great  deal  to  the  Novell  bottom 
line,  if  not  in  the  fourth  quarter  of  fiscal 

2005,  then  in  the  opening  half  of  its  fiscal 

2006. 

But  will  it  matter?  Last  week , Barron 's  mag¬ 
azine  labeled  Novell  a  potential  takeover 
target  (likely  buyer:  IBM,  Sun,  or  perhaps 
SAP).  Let  the  rumors  begin! 

Kearns,  a  former  network  administrator,  is 
a  freelance  writer  and  consultant  in  Silicon 
Valley.  He  can  be  reached  at  wired@ 
vquill.com. 


Novell  nets  takeover  talk 
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FIREFOX  VS.  EXPLORER 


Battle  lines  drawn  again  between  browsers 


Browser  shares 

Firefox  is  gaining  in  popularity,  but  has  a  long 
way  to  go  before  overtaking  Internet  Explorer. 
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Note:  Percentages  are  rounded  off  to  the  nearest  whole  number. 
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BY  JOHN  FONTANA 

ate  on  the  night  of  Sept.  30,  1997,  a 
group  of  Microsoft  employees  strate¬ 
gically  placed  a  large  metal  likeness 
of  the  Internet  Explorer  logo  on  the 
front  lawn  at  Netscape  Communications  in 
Mountain  View,  Calif.  —  a  signal  that  the 
browser  war  was  fully  ignited. 

Earlier  that  evening,  Internet  Explorer  4.0 
had  been  released  in  San  Francisco  and 
hailed  by  critics  as  more  stable  than 
Netscape’s  Navigator,  which  enjoyed  72% 
market  share.  In  five  years,  that  number  col¬ 
lapsed  to  less  than  4%,  and  what  little  was 
left  included  an  open  source  skunkworks 
project  called  Phoenix. 

Fast-forward  to  2005,  and  a  second  war 
appears  to  be  heating  up. 

Phoenix  is  now  Firefox,  which  is  the  new 
upstart,  gaining  more  than  8%  market  share 
since  its  release  in  November,  based  on 
more  than  82  million  downloads.  Firefox 
also  has  eclipsed  Internet  Explorer’s  feature 
set  at  the  same  time  Microsoft’s  browser  has 
dragged  users  through  another  round  of 
security  flaws. 

Last  month,  non-profit  Mozilla.org,  the 
Firefox  creator  that  was  established  by 
Netscape  in  1998,  spun  off  a  for-profit  sub¬ 
sidiary  to  explore  Firefox’s  potential  and 
service  and  support  options,  a  move  clearly 
targeted  at  winning  over  IT  shops. 

Also  last  month,  IBM,  with  tens  of  thou¬ 
sands  of  employees  on  Firefox,  began  offer¬ 
ing  internal  tech 
support  on  the 
browser  and 

encouraging  staff  to 
download  it  from 
internal  servers.  Last 
year,  Penn  State 
University  urged  its 
faculty  and  students 
to  dump  Internet 
Explorer  in  favor  of 
Firefox,  Opera, 

Safari,  Netscape  and  other  browsers. 

And  long-simmering  application  develop¬ 
ment  models,  tied  together  earlier  this  year 
and  called  Asynchronous  JavaScript  and 
XML  (AJAX),  are  heating  up  after  Google 
used  them  to  develop  eye-popping  brows¬ 
er-based  applications  that  have  Microsoft 
crafting  plans  to  add  AJAX  into  its  develop¬ 
er  tools. 

“As  far  as  whether  there’s  a  new  browser 
in  town,  I  think  the  numbers  speak  for 
themselves,”  says  Blake  Ross,  one  of  the  co¬ 
creators  of  Firefox.  “But  I  never  look  at  this 


as  a  ‘browser  war’  Firefox  is  not  a  war  on 
Microsoft;  it  is  a  war  on  complexity’ 

On  the  defensive 

In  February  Microsoft’s  Bill  Gates 
reopened  the  browser  battle,  saying  devel¬ 
opment  on  a  new  stand-alone  version  of 
Internet  Explorer  had  begun  after  four  dor¬ 
mant  years.  Microsoft  delivered  a  beta  of 
Internet  Explorer  7.0  in  July  and  has  the 
final  product  slated  for  release  next  year. 
The  offering  is  designed  mostly  to  address 
security  issues. 

But  perhaps  most  important,  Microsoft 
retains  legions  of  corporate  developers 


Blake  Ross,  co-creator  of  Firefox 


who  have  used  its  Active  X  technology 
which  provides  a  connection  to  a  PC’s  local 
hard  drive,  to  build  rich  features  into  Web- 
based  and  intranet  applications. 

“We  are  very  married  to  IE.  Our  online 
banking  fully  supports  IE  and  has  only  par¬ 
tial  support  for  Firefox  and  Netscape,”  says 
Jay  Leal,  vice  president  of  technology  for 
Inter  National  Bank  in  McAllen,  Texas.  “We 
still  have  85%  to  90%  of  our  Internet  traffic 
come  from  IE.  The  population  using  the 
alternatives  is  still  too  small  to  have  an 
impact  on  what  our  developers  are  doing.” 


Leal  says  that  even  if  Firefox  use  explod¬ 
ed,  it  would  still  be  hard  to  get  off  Internet 
Explorer  internally  where  Web-based  tools, 
such  as  teller  applications  and  virus  moni¬ 
toring,  rely  on  the  Microsoft  software’s  fea¬ 
tures.  “Switching  browsers  isn’t  a  decision 
we  could  make  lightly  We  would  have  to 
work  with  countless  vendors  to  ensure  their 
applications  run,”  he  says. 

Improving  security 

Microsoft  knows  it  has  a  lock  on  users 
and  that  it  has  to  improve  security  dramati¬ 
cally  to  keep  them,  which  is  the  goal  with 
Internet  Explorer  7.0.  It  is  scheduled  to  ship 
with  Microsoft  Vista  in  2006 
and  as  a  stand-alone  applica¬ 
tion  for  Windows  XP  SP2. 

Microsoft  also  plans  to 
enhance  important  features 
for  developers,  including  sup¬ 
port  for  Cascading  Style 
Sheets,  HTML  4.0,  and 
Portable  Network  Graphic. 
Those  are  key  standards,  says 
the  Web  Standards  Project 
(WaSP),  a  grass-roots  coali¬ 
tion  focused  on  standards  support. 

While  Microsoft  says  Internet  Explorer  7.0 
won’t  pass  WaSP’s  Acid2  check,  a  standards 
support  test  that  does  not  guarantee  con¬ 
formance  and  that  Firefox  has  yet  to  pass.it 
appears  to  point  IE  in  the  right  direction. 

‘As  a  wish  list,  we  view  [Acid2]  as  a  valu¬ 
able  tool,  but  we  are  focused  on  security 
and  compatibility’  says  Margaret  Cobb, 
group  product  manager  for  Internet 
Explorer.  “We  will  evaluate  supporting  this 
test  in  the  future.” 

Firefox  also  is  working  diligently  to  cor¬ 


rect  its  flaws.  Last  February  and  May,  securi¬ 
ty  holes  in  the  browser  had  to  be  patched, 
including  the  first  vulnerability  rated 
“extremely  critical.”  Those  flaws  exposed 
another  Firefox  shortcoming,  and  a  patch 
required  reinstalling  the  entire  application. 

With  Firefox  1.5,  which  is  in  beta  and  is 
expected  to  ship  later  this  month,  the 
update  system  will  eliminate  that  short¬ 
coming  and  more. 

“Organizations  will  be  able  to  set  up  their 
own  update  system  that  uses  the  same 
client-side  piece,  so  they  can  control  what 
gets  updated  and  when,”  says  Mike  Shaver, 
technology  strategist  for  the  Mozilla 
Foundation.  “And  we  are  scaling  our  own 
infrastructure  to  deal  with  our  growing  user 
base.” 

This  browser  war  also  could  turn  on 
development  techniques,  much  like 
Microsoft  trumped  Netscape  using  Active 
X  to  entice  developers,  even  though  the 
technology  became  a  playground  for 
hackers. 

The  new  twist  is  AJAX,  which  experts  say 
represents  the  future  of  Web-based  applica¬ 
tions.  It  is  a  collection  of  well-established 
technologies,  including  XML  HTTP 
Request,  which  Microsoft  introduced  in  the 
late  1990s. 

AJAX  lets  users  develop  applications 
that  behave  like  desktop  software,  reduc¬ 
ing  page  reloads  by  allowing  JavaScript  to 
make  server  calls  asynchronously  It  dove¬ 
tails  nicely  with  recent  developments  in 
Web  services  and  service-oriented  archi¬ 
tectures  and  applications,  experts  say 

Google  has  invested  heavily  in  AJAX,  mak¬ 
ing  it  the  basis  for  such  projects  in  the  last 
year  as  Google  Maps  and  Gmail  and  gener¬ 
ating  a  buzz  around  the  technology 

In  fact,  Microsoft  this  month  plans  to  pre¬ 
view  a  tool  codenamed  Atlas  designed  to 
ease  creation  of  AJAX-like  applications. 

“1  would  say  going  forward  that  AJAX  is 
going  to  have  a  ton  of  focus  and  support 
behind  it,”  says  Joshua  Pbrter,  research 
consultant  and  director  of  Web  develop¬ 
ment  for  research  firm  User  Interface 
Engineering.  “Because  it  is  built  on  open 
standards,  it  is  going  to  be  the  next 
plateau  that  we  reach  on  the  Web,  like 
with  HTML.” 

Developers  say  the  beauty  of  AJAX  is  that 
it  is  cross-platform  and  can  be  supported 
on  all  browsers,  which  could  eliminate  the 
need  for  plug-ins  to  support  sophisticated 
application  functions  and  break  the  Active 
X  lock-in.  ■ 


I  never  look  at  this  as  a 
‘browser  war.’  Firefox  is  not  a 
war  on  Microsoft;  it  is  a  war 
on  complexity.** 
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Tivoli  has  mainframe  mgmt.  on  tap 


Counting  Zs 


IBM  Tivoli  Omegamon  XEfor  z/OS  software  uses  the  Tivoli  Enterprise  Portal 
to  show  mainframe  administrators  performance  and  availability  alerts. 
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The  portal  provides  multiple  ways  to  view 
alerts.  Systems  administrators  can  drill  down 
on  physical  devices  to  get  more  information 
on  an  alert. 
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Take  Action 


Re 


Omegamon  XE  for  z/OS  can  be  con¬ 
figured  to  prompt  administrators  to  take 
automated  actions,  or  it  can  launch  them 
on  its  own  in  response  to  specific  events. 


TTie  growth  in  use  of  CSA  (Common  Services 
Area)  storage  exceeds  its  Warning  threshold 
If  usage  is  already  high,  a  system  crash  may 
occur  due  to  exhausted  CSA.  In  Current 
Situation  Values  identify  the  address  spaces 
using  high  amounts  of  CSA  and  showing 
rapid  growth  in  its  us!  *  Nonessential  address 
spaces  with  high  grow  th  rates  should  be 


"  Expert  Advice  | 


IBM  added  expert  analysis  capabilities  to  offer 
experienced  and  novice  administrators  additional 
information  on  the  alert  in  plain  language. 


BY  DENISE  DUBIE 

IBM  last  week  announced  a  slew  of 
upgrades  to  its  Tivoli  management  software 
portfolio  that  the  company  says  will  help 


Short  Takes 


I  HP  last  week  released  a  scaled- 
down  version  of  its  enterprise  client 
management  software  for  customers 
with  between  100  and  1,000  desktops. 
HP  OpenView  Client  Configuration 
Manager  is  based  on  Novadigm’s 
Radia  technology  (HP  acquired 
Novadigm  last  year)  and  offers  small 
and  midsize  customers  integrated 
inventory  collection,  software  distrib¬ 
ution  and  patch  management,  among 
other  capabilities.  The  software 
installs  on  a  dedicated  server  and 
pushes  agents  out  to  managed 
devices  to  help  administrators  inven¬ 
tory  software  on  desktops,  distribute 
patches  and  take  automated  correc¬ 
tive  actions,  HP  says.  Pricing  starts 
at  about  $25  per  seat  license,  and  HP 
expects  the  product  to  be  available  in 
October. 

■  GoldenGate  Software  has 

released  a  new  tool  that  can  root  out 
data  discrepancies  between  databas¬ 
es  without  interrupting  their  use. 
Called  Veridata,  the  software  aims  to 
help  reduce  the  time  it  takes  to  com¬ 
pare  large  volumes  of  data  across 
database  applications.  It  also  can 
help  companies  stay  in  compliance 
with  regulatory  requirements  and 
keep  back-up  databases  up-to-date, 
the  company  says.  The  product  can 
compare  data  sets  in  live  databases 
at  very  high  speed,  according  to 
GoldenGate  —  something  the  compa¬ 
ny  says  is  unique.  Version  1  of  the  tool 
can  compare  one  target  and  one 
source  database.  It  currently  works 
with  Oracle  databases  and  HP’s 
NonStop  databases,  although 
GoldenGate  says  it  plans  to  support 
additional  platforms  soon.  Pricing 
information  wasn't  available. 


customers  automate  administrative  tasks 
and  view  mainframe-specific  statistics  from 
one  console. 

“IBM  knows  the  mainframe  isn’t  going 
away,  and  it’s  investing  heavily  in  manage¬ 
ment  tools  to  make  it  easier  for  its  cus¬ 
tomers  to  start  integrating  everything  they 
manage  together,”  says  Rich  Ptak,  princi¬ 
pal  analyst  with  research  firm  Ptak,  Noel  & 
Associates.  “Tivoli  has  been  acquiring 
assorted  mainframe  capabilities  to  be 
able  to  provide  customers  with  a  com¬ 
plete  set  of  products  for  mainframe  and 
distributed  systems.” 

The  IBM  Tivoli  Omegamon  zSeries  suite 
includes  several  applications  that  address 
the  management, storage  and  security  tasks 
on  mainframe  systems.  With  these  upgrad¬ 
ed  releases,  IBM  integrated  systems  man¬ 
agement  technology  it  acquired  from 
Candle  in  April  2004  and  from  asset  man¬ 
agement  vendor  Isogon  in  July 

Big  Blue  used  Candle  products  to  devel¬ 
op  the  Tivoli  Enterprise  Portal,  a  new  feature 
in  Tivoli  mainframe,  distributed  and  appli¬ 
cation  management  products,  which  lets 
users  view  performance  and  availability 
management  data  collected  by  its  monitor¬ 
ing  software.  The  portal,  in  the  case  of  the 
mainframe,  would  also  let  systems  adminis¬ 
trators  bring  the  green  screen  interface 
they  are  accustomed  to  into  the  portal.The 
portal  is  featured  in  products  such  as  Tivoli 
Omegamon  XE  for  z/OS  and  IBM  Tivoli 
Composite  Application  Management  for 
SOA.  IBM  says  the  portal  provides  a  com¬ 
mon  interface  among  its  mainframe  and 


BY  JENNIFER  MEARS 

Organizations  that  build  smaller  software 
projects  that  are  rolled  out  in  quick, 
phased  release  cycles  tend  to  be  more 
productive  and  have  higher  success  rates, 
according  to  analysts  at  the  Cutter 
Consortium  who  are  taking  a  look  at  why 
software  projects  fail. 

Last  week,  the  analyst  firm  released  a 
pair  of  reports  that  are  the  first  in  a  series 
focusing  on  failed  software  projects.  The 
first,  titled  “Does  Project  Size  Matter/  found 
that  while  project  size  was  irrelevant  when 
it  came  to  canceling  software  develop- 


distributed  products  to  integrate  data 
alongside  IBM  Tivoli  License  Manager  for 
Contracts,  which  manages  software  licens¬ 
es  across  distributed  systems. 

The  common  theme  to  the  upgrades 
within  the  mainframe  suite  was  to  build 


ment  efforts,  smaller  projects  ultimately 
had  greater  success. 

“There  is  an  increasing  understanding 
that  [software]  development  that  is  done 
in  smaller  iterations  tends  to  be  more  suc¬ 
cessful,”  says  Khaled  El  Emam,  senior  con¬ 
sultant  at  the  Cutter  Consortium.  He  rec¬ 
ommends  to  his  clients  that  are  building  IT 
systems  that  they  roll  out  an  initial  soft¬ 
ware  architecture  and  then  add  features 
and  functions  in  phased  releases  spread 
about  three  months  apart. 

“Spend  six  to  nine  months  on  first 
release  of  a  system,  then  have  three-month 


mainframe  management  products  that 
could  easily  integrate  with  distributed  sys¬ 
tems  management  products  and  enable 
systems  administrators  to  manage  business 
critical  applications  across  any  type  of 

See  Tivoli,  page  26 


iterations  after  that,”  El  Emam  says.  “That 
way  the  first  release  allows  the  team  to 
design  the  system  properly  and  put  in 
place  a  good  architecture  for  the  future 
releases  instead  of  trying  to  build  the 
whole  thing  at  once.” 

El  Emam  looked  at  more  than  230 
recently  completed  software  projects  to 
understand  how  the  size  of  the  project  — 
length  of  time  and  number  of  developers 
—  affected  the  success  or  failure  of  the 
undertaking.  Most  surprising  was  the  fact 
that  size  didn’t  affect  decisions  to  cancel  a 
See  Software,  page  26 


With  software,  smaller  is  better 
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Never  met  a  tech  they  didn’t  hate 


NET  INSIDER 


Scott  Bradner 


In  late  August  The  New  York 
Times  reported  that  half  of  the 
major  record  companies  are 
threatening  to  not  renew  their 
contracts  with  Apple  for  iTunes, 
because  they  want  a  different 
business  model  that  would  make 
them  more  money 
There  have  been  rumors  of  this 
ever  since  Apple  started  iTunes 
and,  with  the  current  contracts 
expiring  early  next  year,  it’s  now 
time  for  the  record  companies 
to  show  just  how  stupid  they  are. 
Apple  has  sold  more  than  500 


million  songs  since  starting  the 
iTunes  store.  If  all  of  these  had 
been  sold  as  individual  songs, 
this  would  mean  revenue  of  just 
less  than  $500  million  for  Apple 
and  $350  million  for  the  record 
companies  (and,  according  to 
some  recording  artists  and  song¬ 
writers,  about  $12  for  the  people 
who  wrote  and  sang  the  materi¬ 
al).  Not  all  of  the  songs  were 
sold  individually;  many  were 
sold  as  albums  where  the  per- 
song  fee  can  be  less.  So  the  total 
money  to  the  record  companies 
was  a  bit  less. 

But  a  quick  look  at  Amazon’s 
prices  for  albums  on  physical 
CDs  shows  that  the  record  com¬ 
panies  are  doing  just  fine  when 
Apple  sells  an  album  for  down¬ 
load.  Amazon’s  prices  for  a  bunch 
of  current  new  releases  from  the 
Back  Eyed  Peas,  Mariah  Carey 


and  the  Rolling  Stones  is  $10.99 
per  CD.  Compare  this  to  the  $9.99 
Apple  charges  for  the  Black  Eyed 
Fteas  and  Mariah  Carey  albums, 
and  the  $12.99  Apple  charges  for 
the  Rolling  Stones  album. 
Remember  that  the  record  com¬ 
pany  does  not  have  to  actually 
make  anything  for  Apple  (other 
than  a  single  digitized  copy  of  the 
music),  whereas  they  have  to 
make  and  distribute  physical 
things  for  Amazon. 

It’s  hard  to  see  how  the  record 
company  can  be  making  less 
through  Apple  than  from 
Amazon  when  either  sells 
albums.  Maybe  the  real  problem 
is  that  there  are  too  often  only 
one  or  two  songs  worth  buying 
on  an  album  and  the  Apple  cus¬ 
tomers  can  just  get  those  and  not 
have  to  pay  for  the  crap.  I  think 
the  real  problems  are  two  —  the 


record  companies  are  terrified 
of  new  technology,  and  they  can¬ 
not  constrain  their  greed,  even  in 
the  face  of  clear  evidence  that 
the  greed  would  be  suicidal. 

Media  companies,  both  record¬ 
ing  and  film,  have  fought  every 
new  technology  tooth  and  nail 
from  VCRs  to  MP3  players  and 
peer-to-peer  networks.  Every 
time  the  media  companies  have 
lost  a  particular  fight,  they  have 
made  money.  The  best  example 
are  video  (the  DVD)  sales,  which 
became  an  important  revenue 
source  for  the  movie  companies. 

Every  time  they  have  won  a  par¬ 
ticular  fight  they  have  not  made 
any  money  —  one  example  is 
Digital  Audio  Tapes,  which  failed 
in  the  market  after  the  record 
companies  won  a  fight  to  tax 
them.  In  this  context,  iTunes  is  just 
another  new  technology  that 


needs  to  be  feared  and  controlled. 

The  stupidity  on  the  greed  front 
is  breathtaking.  Apple  has  shown 
that  legal  music  downloading 
can  be  a  success  if  it’s  done 
right.  The  recording  industry  has 
a  chance  to  encourage  those 
people  who  have  been  law-abid¬ 
ing  to  switch  to  illegal  down¬ 
loading.  It  looks  like  some  of  the 
recording  companies  want  to 
seize  the  opportunity 

Disclaimer:  Even  Harvard 
would  have  a  hard  time  teach¬ 
ing  people  to  be  as  stupid  as  the 
recording  companies  too  often 
are,  but  the  university  has  not 
expressed  an  opinion  on  the 
topic. 

Bradner  is  a  consultant  with 
Harvard  University’s  University 
Information  Systems.  He  can  be 
reached  at  sob@sobco.com. 


TivoH 
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infrastructure,  IBM  says. 

“If  you  look  at  large  enterprises  and  what 
they  are  trying  to  do,  most  of  them  are  trying 
to  deploy  business  services  that  are  based 
on  a  composite  application  topology  that 
includes  a  mainframe,”  said  Alfred  Zollar, 
general  manager  of  Tivoli  software  at  the 
IBM’s  user  conference  Share  last  week. 


Software 

continued  from  page  25 

the  cancellation  rate  was  so  small,”  he 
says. 

El  Emam  found  that  just  15%  of  the 
organizations  he  surveyed  canceled  pro¬ 
jects. 

“Things  are  getting  better  and  IT  depart¬ 
ments  and  project  managers  are  better 
able  to  manage  these  projects,”  he  says, 
noting  that  new  software  development 
practices  are  helping  to  keep  projects 
alive  and  make  them  successful.  For 
example,  there  is  more  focus  today  on 
user  participation  in  the  development 
process,  he  says. 

“The  main  reason  why  projects  typically 
fail  is  that  you  build  something  for  the 
users,  but  the  users  don’t  participate  in  the 
project.  So  you  build  something,  and  it’s 
not  what  the  users  need,”  El  Emam  says. 
“Today  there  is  a  stronger  emphasis  on 
peer  reviews  and  better  testing  practices.” 

A  second  report,  “Software  Project 
Failures:  Part  1  —  Should  We  Quit  Now  or 
Later,”  by  Cutter  Consortium  senior  analyst 
E.M.  Bennatan,  focused  on  software  fail- 


The  Omegamon  zSeries  suite  uses  a  com¬ 
bination  of  centralized  management  con¬ 
sole  software  and  distributed  agents.  The 
management  console  would  be  installed 
on  a  dedicated  server,  most  likely  not  the 
mainframe  system, and  the  agents  would  be 
distributed  to  mainframe  and  distributed 
systems.The  data  agents  collect  would  then 
be  sent  to  the  management  console  for 
aggregation,  correlation  and  reporting  pur¬ 
poses.  The  management  console  can  then 


ures  and  how  companies  handle  them. 

Bennatan  studied  software  project  fail¬ 
ures  at  200  organizations  during  the  past 
three  years.  Of  those,  44%  had  canceled 
or  abandoned  software  projects  because 
of  serious  problems,  including  budget 
overruns,  schedule  overruns  or  quality 
problems. 

“Not  all  failed  projects  get  canceled,” 
Bennatan  writes  in  the  report.  “Many  are 
completed  but  perceived  as  failures 


feed  data  to  the  Web-based  Tivoli  Enterprise 
Fbrtal,  from  which  systems  administrators 
could  take  action.  Customers  also  can 
choose  to  use  native  interfaces,  such  as  the 
green  screen  for  mainframes,  instead  of  the 
enterprise  portal. 

For  example,  IBM  enhanced  Tivoli 
Omegamon  XE  for  z/OS  Version  3. 1 .0  with 
new  features  that  would  make  it  easier  for 
less-experienced  systems  administrators  to 
diagnose  system  health  based  on  events 


because  of  severe  overruns  and/or  quality 
problems.” 

These  projects  are  the  ones  that  went  on 
for  too  long  and  probably  could  have 
been  remedied  earlier,  Bennatan  says. 

“Most  software  development  organiza¬ 
tions  have  let  failing  projects  run  their 
course  at  a  significant  cost  in  terms  of  time 
and  budget,”  Bennatan  writes.  “For  many 
organizations,  this  an  area  in  which  to  con¬ 
centrate  their  improvement  efforts.”  ■ 


and  alerts.  The  Expert  Advice  feature  can 
provide  details  into  what  is  most  likely  caus¬ 
ing  a  performance  or  availability  problem. 

IBM  also  added  the  capability  to  configure 
the  software  to  take  automated  actions 
based  on  events.  Customers  can  configure 
the  software  to  either  automate  the  actions 
or  prompt  the  systems  administrator  to  kick 
off  the  actions  to  resolve  a  problem, 
depending  on  their  comfort  level  with 
automation.  IBM  also  added  a  new  man¬ 
agement  console  for  z/OS. 

IBM  competes  most  directly  with  BMC 
Software  and  Computer  Associates,  both  of 
which  have  upgraded  mainframe  manage¬ 
ment  packages  in  the  past  year.The  move  is 
smart  on  all  companies’  parts,  says  Ptak,  as 
the  mainframe  is  gaining  popularity  among 
customers  adopting  emerging  technologies 
such  as  Linux  and  Web  services. 

“The  mainframe  provides  the  availability 
reliability  security  and  performance  that  is 
needed  to  sustain  newer  Web-based  appli¬ 
cations,”  he  says.  ‘And  20%  of  the  mainframe 
capacity  shipped  by  IBM  runs  Linux  making 
it  a  major  force  in  open  systems  solutions.” 

All  products  in  the  IBM  Tivoli  Omegamon 
zSeries  suite  are  expected  to  be  generally 
available  by  the  fourth  quarter.  Pricing  will 
be  determined  at  that  tirne.B 
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More  on  Tivoli 

Network  World  Senior  Editor  Denise  Dubie  and 
Alfred  Zollar,  general  manager  of  Tivoli  software, 
discuss  his  company’s  software  plans: 
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Meeting  (leadlines 

A  Cutter  Consortium  survey  of  more  than  200  organizations  found  that  44% 
had  canceled  or  abandoned  software  projects  in  the  past  three  years.  Primary 
reasons  for  the  failure: 


Do  you  worry  about  .  .  . 


bringing  new  Network  IT  products  to  market? 
reaching  Network/IT  and  Corporate  Managers? 
accelerating  your  sales  cycle? 

getting  your  company's  message  in  front  of  a  powerful  audience  of  Network  IT  buyers 


Stop  worrying  .  .  . 

when  you  sponsor  a  Network  World  Technology  Tour  and  Expo.  These  dynamic  live 
multi-city  events  will  bring  you  face-to-face  with  the  Network  World  community  —  the 
architects,  strategists,  decision-makers  and  buyers  for  today's  enterprise  networks. 

Network  World  is  now  accepting  sponsorship  bookings  for  2005  Technology  Tours  and 
Expos.  Sponsorships  are  limited  to  guarantee  a  dynamic  experience  for  both  sponsors 
and  attendees  so  act  now. 

Contact  Andrea  D'Amato ,  National  Sales  Director,  Events  and  Executive  Forums,  at 

800-622-1108,  Ext.  6520  or  adamato@nww.com 
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Wireless  and  Mobility 

Network  Management/IT  Automation 

Remote  Office  Networking 

WAN  Optimization 

Voice  over  IP/Convergence 

Extended:  Wireless  and  Mobility 

SMB 

Security 

Extended:  Voice  over  IP/Convergence 
IT  Road  Map:  2006 


To  attend  a  Network  World  Technology  Tour  and  Expo  free,  register  at  www.networkworld.com/events 
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The  point  of  business  is  cost-effectively  connecting  enterprise  resources  to  better  serve  your  customers.  With  a  wholly  owned,  end-to-end 
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network — backed  by  a  team  of  consultants  working  with  you  to  develop  the  optimal  solution  for  your  environment — Time  Warner  Cable  delivers 
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reliable  business  communications.  Add  to  that,  standard  and  customized  SLAs,  along  with  a  full  suite  of  data,  video,  and  security  solutions- 


including  Metro  Ethernet,  Teleworker  Solutions,  Branch  Office  Connectivity — and  you  have  a  scalable  infrastructure  for  sharing  information, 


, ... 


reducing  costs  and  realizing  the  value  on  your  IT  investment.  That's  the  point  of  business. 
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Short  Takes 


■  Intelsat  has  agreed  to  acquire 
satellite  communications  rival 
PanAmSat  Holding  for  $3.2  billion, 
creating  an  industry  heavyweight  that 
will  have  53  satellites  covering  220 
countries,  the  companies  said  last 
week.  Both  companies  provide  broad¬ 
band  Internet,  telephony  and  video 
services.  Intelsat  has  historically 
been  strongest  in  voice  and  data, 
while  PanAmSat  is  a  big  provider  of 
video  services  to  cable  TV  companies, 
including  CNN  and  MTV. That  makes 
their  businesses  complementary,  they 
say.  The  companies  say  they  hope  to 
close  the  deal  in  six  months  to  a  year. 

■  Equant  announced  last  week  it 
has  signed  a  multiyear  deal  with 
Stride  Rite  to  provide  the  children's 
footwear  retailer  with  a  secure  IP 
VPN  to  264  stores  around  the  U.S. 
The  carrier  would  not  reveal  the 
financial  details  of  the  contract. 
Equant  is  working  with  GoRemote 
Internet  Communications  to  provide 
Stride  Rite  with  a  secure  DSL  ser¬ 
vice  to  the  majority  of  the  retailer's 
store  locations.  Stride  Rite  was  look¬ 
ing  for  a  point-of-sale  network  to 
replace  its  dated  dial-up  system, 

With  the  new  DSL-based  IP  VPN  ser¬ 
vice,  Stride  Rite  plans  to  add  applica¬ 
tions  that  will  automate  its  gift  card 
and  customer  loyalty  systems,  which 
was  not  possible  over  the  old  narrow- 
band  network.  Stride  Rite  is  building 
on  its  current  contract  with  Equant 
under  which  the  international  service 
provider  supports  an  MPLS-based  IP 
VPN  in  North  America  and  China. 

■  AT&T  announced  last  week  that  it 
has  won  a  $1 .2-million  contract  from 
Dick's  Sporting  Goods  to  provide  an 
IP  VPN  connecting  stores,  corporate 
offices  and  distribution  centers 
across  the  U.S.  Under  the  one-year 
deal,  AT&T  will  upgrade  services  sup¬ 
porting  239  locations,  enabling  access 
to  the  carrier's  high-speed  backbone 
and  providing  application  support. 
Dick's,  with  the  acquisition  of 
Galyan's  Trading  Co.,  has  locations  in 
34  states  and  had  $2.1  billion  in  sales 
in  2004. 


Addressing  the  MPLS  challenge 


Maintaining  MPLS  VPN  service 
consistency  has  emerged  as  a 
major  issue  for  companies  employ¬ 
ing  multiple  carriers  for  global 
reach.  Nexagent  is  a  5-year-old 
company  based  in  the  UK.  that 
develops  hardware  and  software 
designed  to  link  carrier  networks. 
CEO  and  founder  Charlie  Muirhead  recently  spoke  with 
Network  World  Managing  Editor  Jim  Duffy. 

Is  MPLS  VPN  service  consistency  a  big  concern  among  corporations? 

The  challenge  is  connecting  networks  in  a  scalable  and  reliable 
way  while  ensuring  that  you  can  extend  the  rich  service  model 
from  one  network  to  another  rather  than  diluting  it  down  to  the 
lowest  common  denominator  services.  How  do  you  solve  this 
from  an  operational  and  process  standpoint?  There’s  a  whole 
bunch  of  choices  available  to  them.  Historically  enterprises  pretty 
much  built  the  solutions  themselves.They  would  buy  bandwidth 
from  many  carriers.That  was  a  big  task.  Along  comes  the  world  of 
VPNs  and  the  large  international  carriers  would  turn  around  and 
say ‘If  you  want  consistency  and  [service-level  agreements],  you 
have  to  give  it  all  to  me,  on-net.’ That  jarred  some  customers  who 
played  their  bandwidth  suppliers  off  of  each  other  to  keep  them 
keen  on  price  and  quality  So  these  global  enterprises  find  them¬ 
selves  in  an  interesting  position:  Do  they  go  to  a  single  global  car¬ 
rier  knowing  that  that  carrier  doesn’t  have  the  network  in  all  the 
countries,  and  somewhere  under  the  hood  there’s  an  activity 
going  on  which  is  really  network  integration?  The  default  is  to 
continue  doing  it  yourself. That  means  buying  MPLS  services  from 
different  carriers  around  the  world  and  integrating  those. The 
third  option  is  to  go  straight  to  a  systems  integrator  who  historical¬ 
ly  would  essentially  take  over  running  your  in-house  [do-it-your- 
self]  architecture  with  great  scale  of  economy  Then  you  have  the 
virtual  network  operators  that  are  just  beginning  to  emerge. 

Sounds  like  a  daunting  problem  for  a  company. 

It  is.The  global  enterprises  have  a  lot  of  choices.There’s  pros 
and  cons  to  each.They’re  always  quite  suspicious  about  the  moti¬ 
vations  of  the  global  carriers  because  they’re  always  trying  to  get 
your  traffic  onto  their  facilities  so  they  get  their  margins.  And 
they’re  always  a  bit  suspicious  about  what’s  actually  going  on 
under  the  hood  and  where  do  they  have  network  and  where 
don’t  they  Most  of  the  time  you’ll  hear  about  carriers  responding 
to  bids  with  pricing  for  geographies  they  say  they’re  going  to  have 
when  it’s  not  quite  in  place  yet. 

How  do  interconnected  carriers  hash  out  the  billing  and  settlement 
issues  between  them? 

Let’s  say  a  global  carrier  wants  to  have  partners  in  five  off-net 
regions. Their  requirements  will  be  to  link  up  carriers  to  their  own 
core  network  in  a  secure  and  reliable  way  where  they  can  put 
multiple  customer  connections  to  the  same  physical  intercon¬ 


nect.  So  they  need  to  have  a  method  of  physically  connecting 
those  and  controlling  which  VPNs  extend  across  which  partner- 
ships.That  requires  quite  a  bit  of  network  architecture  to  be  done. 
Then  you  need  a  way  to  run  services  that  go  across  [those  inter¬ 
connect  points] .  [Carriers]  need  to  do  a  pre-sales  process  of 
examining  which  partners  they’re  going  to  have  to  use  in  which 
countries  and  they  have  to  come  up  with  some  way  of  modeling 
that.  Those  pre-sales  processes  have  got  to  be  pretty  thorough 
because  you’ve  got  to  come  up  with  a  price  for  the  solution  that 
you  can  bid  to  the  customers  to  make  you  money  but  still  keen 
enough  to  win  the  business. You’ve  got  to  have  the  tools  to  calcu¬ 
late  what  needs  to  be  done  on  your  partners’  networks.The 
instruction  you  send  to  your  partner  is  typically  a  work  order, 
which  says  ‘I  want  this  service  from  you  in  these  countries,  on 
these  parts  of  your  networks,  with  these  SLAs  for  these  sites  and 
these  three  addresses,  and  this  kind  of  monitoring  frequency  and 
so  forth,  and  here’s  the  money  we’re  going  to  pay  you  . .  .’That’s  the 
kind  of  level  of  detail  that  would  go  to  each  of  your  carrier  part¬ 
ners  and  then  that  would  all  need  to  go  into  a  project  plan.  And 
you  need  to  track  the  progress  of  each  of  your  carrier  partners 
around  the  world  to  make  sure  they  deliver  what  they’re  sup¬ 
posed  to  deliver  on  time.  So  there’s  a  whole  assurance  process 
that  goes  on  which  feeds  up  into  the  macro-assurance  process 
that  the  global  carrier  will  already  have  in  place. 

You  recently  announced  that  you  joined  the  MFA  Forum,  which  is  also 
working  on  an  MPLS  Interconnect  specification.  Why? 

Four  years  ago,  we  delivered  Version  1  of  our  interconnect  archi¬ 
tecture.  Over  the  course  of  those  years,  it’s  evolved.  Now  that  the 
industry  is  waking  up  to  the  challenge,  we  wanted  to  get  the 
appropriate  forums  thinking  about  the  problem  and  agreeing 
how  that  should  look  in  the  future.  We  absolutely  support  an 
open  interconnect  architecture  and  our  software  over  time  has 
evolved  to  support  whatever  comes  through  those  standards 
processes. We  are  participating  and  contributing  as  much  as  we 
can  of  what  we’ve  learned  into  that  process  so  that  we  get  the 
best  brains  in  the  world  thinking  about  what  this  should  look  like 
so  we  can  come  up  with  something  for  the  industry  That,  of 
course,  will  be  an  interconnect  point  that  enables  the  carriers 
that  have  agreed  on  standardized  service  definitions  to  work 
very  easily  together.  We’re  also  jointly  proposing  a  new  working 
group  in  the  IETF  with  a  handful  of  vendors  and  a  handful  of 
the  carriers  ...  on  this  area  of  VPN  service  interconnection. 

You're  also  a  member  of  the  IPsphere  Forum,  which  is  also  addressing 
the  interconnect  issue.  Are  these  activities  redundant9 

They’re  all  doing  different  things.The  IETF  is  working  at  a  pro¬ 
tocol  level.The  MFA  is  about  implementation,  best  practices  at 
the  network  layer  —  what  they  call  in  the  IPsphere  the  IC1,  Inter- 
Carrier  Interconnect.  The  IPsphere  is  working  at  the  services 
architecture  level  saying, ‘What  services  do  customers  want  to 
buy?  What  will  those  look  like?’  and  how  do  the  different  part¬ 
ners  signal  to  each  other  what  they  want. So  they  all  have  differ¬ 
ent  functions  and  this  is  such  a  huge  space  that  there’s  no  one 
organization  that  could  tackle  all  of  that.  ■ 
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Telecom  taxes:  Time  for  a  tea  parly 


EYE  ON  THE  CARRIER 

Johna  Till  Johnson 


The  federal  government  is  des¬ 
perately  out  of  date  on  telecom 
taxation.  Not  only  are  some  of 
today’s  taxes  rooted  in  the  politics 
of  the  1800s,  but  the  entire  telecom 
tax  structure  is  based  on  a  set  of 


assumptions  that  no  longer  apply 
The  biggest  of  these  is  that  tele¬ 
com  services  represent  an  inex¬ 
haustible  cash  cow:  Users  won’t 
mind  paying  a  little  more  on  their 
phone  bills,  and  telcos  won’t  mind 


cutting  just  a  hair  deeper  into  their 
profit  margins.  This  has  led  to  a 
scenario  in  which  cash-strapped 
regulators  find  it  easier  to  lard 
communications  services  with 
“extra  fees”  than  fight  the  uphill 
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STOP  THE  INSANITY! 

ESPION  Interceptor  with  advanced  A.L 

Over  99%  accurate  antispam, 
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Secure  email  module 
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Get  the  [Revolution  in  comprehensive  email  security: The  intelligent 
ESPION  Interceptor  with  advanced  A.I.  Thanks  to  its  unique,  new 
artificial  intelligence  "brain”  and  the  fact  that  we  hyperseed  it  with 
existing  knowledge,  the  Interceptor  is  self-learning  and  adapts 
automatically  to  your  organization's  mail  flow,  guarding  against  spam, 
viruses,  and  other  intrusions  right  out  of  the  box.  The  Interceptor 
provides  over  99%  accuracy,  yet  it  requires  almost  no  administration 
on  your  part. 

ESPION  Interceptor  now  features  a  unique  new  secure  email 
module,  [MXJLock.  This  dual  key  system  places  secure  mail  in 
a  "lockbox"  on  the  Interceptor,  guarded  by  keys  with  up  to  1 024 
bit  encryption.  This  system  meets  stringent  HIPAA  requirements 
and  ensures  that  your  confidential  data  stays  confidential. 
Go  to  www.espionintl.com  to  learn  more,  or  call  [866]  377-4685! 
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Smart.  Secure.  Simple. 
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(or  more  information  or  to 
arrange  a  free  evaluation! 


political  battle  of  raising  taxes. 

That’s  how  we  got  the  Federal 
Excise  Tax,  which  was  enacted  in 
1898  to  pay  for  the  Spanish- 
American  War,  and  has  been 
charged  to  telecom  users  pretty 
much  ever  since. 

The  Senate  Finance  Committee 
is  currently  reviewing  a  proposal 
by  Sen.  Rick  Santorum  (R.-Pa.)  to 
repeal  the  tax  for  good.  Great 
idea,  but  don’t  count  on  it  hap¬ 
pening  any  time  soon.Santorum’s 
proposal  is  in  reaction  to  a 
January  suggestion  by  Congress  of 
expanding  the  Federal  Excise  Tax 
to  cover  broadband  and  Internet 
services.  Oh,  and  the  IRS  is  hinting 
that  the  Federal  Excise  Tax  should 
apply  to  VolRtoo.  Seems  the  feder¬ 
al  government  just  can’t  get  over 
the  idea  of  skimming  from  the 
telecom  till. 

But  that  till  is  getting  emptier,  as 
telecom  profits  have  definitely 
dropped  precipitously  over  the 
past  five  years. 

So  regulators  are  digging  ever 
deeper  for  their  dollars,  which 
brings  us  to  the  next  point:  the 
Universal  Service  Fund  (USF).l’ve 
detailed  the  fund’s  Byzantine 
architecture  and  incompetent 
oversight  in  previous  columns. 
These  days,  VoIP  advocates  are 
steaming  because  in  an  FCC 
proposal  submitted  to  the  public 
for  comment  in  August,  Com¬ 
missioner  Robert  Nelson  calls  for 
applying  USF  charges  even  more 
aggressively  to  VoIP  providers. 

I  don’t  thinkVoIP  services  deserve 
preferential  treatment  over  tradi¬ 
tional  telephony  service. 

The  problem  isn’t  that  a  bad  tax 
is  applied  to  VoIP  It’s  that  it’s 
applied  at  all. 

For  more  than  a  century  the  fed¬ 
eral  government  has  found  it  easy 
and  convenient  to  tax  telecom 
because  the  taxes  were  hidden  in 
high  cost  and  higher  profitability 
Now  that  disruptive  technologies 
such  as  VoIP  have  slashed  costs 
and  cut  deeply  into  profits,  that 
model  no  longer  works.  If  we  want 
to  fund  initiatives  like  Universal 
Service,  let’s  say  so  —  and  pay  for 
them  up  front. 

As  for  the  Spanish-American 
War:  Hello, Washington,  it  ended  in 
1898.  Let’s  end  its  taxes,  too. 

Johnson  is  president  and  chief 
research  officer  at  Nemertes 
Research.  She  can  be  reached  at 
johna@nemertes.  com. 
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TECHNOLOGY  UPDATE 


■  AN  INSIDE  LOOK  AT  TECHNOLOGIES  AND  STANDARDS 

SAS  cuts  a  wide  data  path 


HOW  IT  WORKS:  SAS 


Serial-attached  SCSI  storage  technology  offers  low-cost,  high-performance 
storage. 
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RAID  controller 
with  internal  SAS 
expander 
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SAS  expander 


SAS  expander 
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SAS  and  SATA  drives 

11  The  RAID  controller  is  outfitted  with  an  internal  SAS  driver  expander  to  allow  for  the  use  of  lower-cost 
SAS  drives,  supporting  bandwidth  of  3G  bit/sec. 

0  External  expanders  connected  in  a  daisy  chain  allow  for  a  mix  of  SAS  and  SATA  drives  to  be  controlled  by 
a  single  RAID  controller,  creating  a  tiered-storage  environment.  SAS'  wide  port  capability  allows  multiple 
SAS  addresses  to  be  treated  as  one  SAS  address.  This  fat  data  pipe  supports  up  to  12G  bit/sec  in  bandwidth. 


BY  LARRY  JACOB 

Until  recently  data  centers  were  populat¬ 
ed  primarily  with  storage-area  networks 
that  used  Fibre  Channel  connectivity  and 
parallel  SCSI  interfaces.  Such  storage  solu¬ 
tions  deliver  high  performance  and  relia¬ 
bility  but  carry  a  high  price  tag.  However, 
serial-attached  SCSI  technology  is  poised 
to  keep  storage  costs  down  without  com¬ 
promising  functionality  or  performance. 

The  SAS  1.1  standard  is  in  the  final 
approval  phase  of  the  International  Com¬ 
mittee  on  Information  Technology  Stan¬ 
dards’  (INCITS)  T10  committee.Storage  ven¬ 
dors  plan  to  introduce  SAS  products  in  the 
next  few  months  that  will  replace  Fibre 
Channel  disks  with  more-economical  SAS 
disks. 

The  SAS  interface  supports  SAS  and  seri- 
al-ATA  (SATA)  drives,  the  type  typically 
found  in  PCs  and  low-end  servers.  SATA 
drives  cost  less  and  offer  less  performance 
than  Fibre  Channel  and  SAS  drives.  But  they 
are  ideal  candidates  for  near-line  storage  of 
information  that  is  not  accessed  frequently; 
a  second  tier  of  disk-resident  storage. 

The  compatibility  of  SAS  and  SATA  drives 
begins  with  their  low-level  interface  char- 


Got  great  ideas? 


■  Network  World  is  looking  for  great  ideas 
for  future  Tech  Updates.  If  you’ve  got  one, 
and  want  to  contribute  it  to  a  future  issue, 
contact  Senior  Managing  Editor,  Features  Amy 

Schurr  (aschurr@nww.com) 


acteristics.  In  fact,  SAS  and  SATA  physical 
signaling  is  set  by  the  same  standard  and  is 
indistinguishable.  The  addition  of  the  SATA 
Tunneling  Protocol  to  the  SAS  standard 
paved  the  way  for  allowing  a  single  SAS 
controller  to  support  first-  and  second-tier 
storage. 

Traditional  storage  subsystems  begin  with 
a  RAID  controller  that  must  support  two 
interfaces:  one  to  interconnect  to  the  host 
SAN  (traditionally  Fibre  Channel)  and  one 
to  support  the  connection  of  the  hard-disk 
drives.  Although  the  Fibre  Channel  loop 
can  support  up  to  127  hard-disk  drives,  per¬ 
formance  can  be  optimized  by  using  far 
fewer  drives  per  loop  plus  the  use  of  Fibre 
Channel  switches. 

Although  the  new  serial  hard-disk  drives 
share  the  serial  nature  of  Fibre  Channel, 
they  do  not  share  the  ability  to  form  loops. 
The  SAS/SATA  interfaces  are  strictly  de¬ 
fined  as  point-to-point  with  unique  port 
addresses.  That’s  where  the  SAS  expander 
comes  in. 

RAID  controllers  designed  to  support 
SAS/SATA  hard-disk  drives  have  semicon¬ 
ductor  expander  chips  built  into  them. The 
Cables  and  Connectors  Addendum  to  the 
SATA  standard  provides  for  16  hard-disk 
drive  ports.  Implementations  today  usually 
provide  for  12  to  15  hard-disk  drives  per 
enclosure.  A  SAS  expander  function  is 
defined  in  the  standard  as  a  chip  or  printed 
circuit  board  that  lets  one  SAS  address  be 
expanded  to  a  number  of  additional  ports. 
RAID  internal  expanders  are  chips,  while 
external  expanders  are  boards. 

Although  the  Fibre  Channel  and  SAS 
expander  architectures  appear  similar,  SAS 


offers  an  important  advantage.  The  up¬ 
stream  SAS  port  can  be  configured  as  a 
wide  port  that  lets  multiple  SAS  connec¬ 
tions  (typically  four)  be  treated  as  one  SAS 
address.The  result  is  a  fat  data  pipe  known 
as  a  SAS  wide  port. 

For  example,  a  connection  of  Fibre 
Channel  drives  in  a  traditional  loop  or  point- 
to-point  interface  scenario  can’t  exceed  the 
Fibre  Channel  bandwidth,  which  is  about  4G 
bit/sec. With  SAS  architecture  and  the  imple¬ 
mentation  of  SAS  wide  ports,  SAS  bandwidth 
of  3G  bit/sec  for  a  single  interface  can  be 


multiplied  to  12G  bit/sec. 

Emerging  RAID  controllers  and  storage 
subsystems  take  advantage  of  the  band¬ 
width  of  the  SAS  wide  port  and  the 
reduced  cost.  By  providing  a  way  to 
widen  the  data  path  while  mixing  SAS 
and  SATA  drives,  SAS  goes  a  long  way 
toward  meeting  lower-cost,  tiered-storage 
requirements. 

Jacob  is  senior  director  of  product  man¬ 
agement  forArio  Data  Networks.  He  can  be 
reached  at  ljacob@ariodata.com. 


My  office  uses  Windows  XP  computers,  which 
can  show  who  logged  on,  and  when.  But  we  turn 
off  the  computers  when  not  in  use  and  have 
24/7  security  available  to  be  notified  when  any 
computer  activity  is  detected.  Is  there  a  tool 
that  will  provide  a  pop-up  window/warning 
when  someone  tries  to  attach  something  to  a 
port  and  log  on  to  our  computers?  The  window 
would  need  to  contain  information  about  the 
location  of  the  attacker. 


You  might  be  able  to  achieve  this  goal  simply  by 
configuring  the  desktop  firewall  software  to  block 
everything  except  what  is  permitted  and  turn  on  the 
feature  that  alerts  the  user  every  time  something  is 
blocked.  For  enterprise  networks,  there  are  intrusion 
prevention  systems  available  from  several  vendors, 
including  Symantec,  McAfee  and  Internet  Security 
Systems.  Some  desktop  IPS  features  are  available  in 
anti-virus  and  firewall  offerings  from  these  and  other 
vendors. 


Most  products  log  results  rather  than  give  pop-up 
alert  windows.  For  personal  and  small,  home-office 
networks,  theTokenmon  program  (at  www.sysinter- 
nals.com)  makes  a  strong  addition  to  the  buiit-in 
security  logging  and  viewing  tools  that  come  with 
Windows. 

Blass  is  a  network  architect  at  Change@Work  in 
Houston.  He  can  be  reached  at  dr  inter net@change.-r. 
work.com. 
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Remote  pings  and  remote  control 


Regarding  last  week’s  look  at 
PingPlotter  from  Nessoft,  we 
should  have  noted  that  the 
release  of  the  next  version,  2.7,  is 
scheduled  for  September — we  were 
working  with  a  beta  version. 

There’s  also  one  other  feature  of 
the  product  we  didn’t  cover:  the  abil¬ 
ity  to  gather  traceroute  data  from  a 
remote  Web  server  running  a  custom 
Perl  script  for  *nix  hosts.  The  script 
invokes  the  standard  traceroute  and 
takes  its  output  to  create  a  simplified 
Web  page  showing  the  routing  data.  The  data  is  retrieved 
periodically  by  a  custom  script  running  under  PingPlotter 
(yes,  it  now  has  a  scripting  subsystem)  and  the  results  are 
handled  just  like  locally  gathered  data. 

This  remote  traceroute  lets  you  get  a  “global”  view  of  the 
routing  to  and  latency  of  any  “pingable”  device,  which  of 
course  includes  the  route  from  the  Web  server  back  to 
you.  When  you  are  investigating  problems  concerning 
Voipthis  is  a  very  useful  tool,  as  we  have  found  out. 

In  our  case  PingPlotter  showed  that  our  VoIP  problem 
wasn’t  Vonage’s  fault  but  that  SBC  was  to  blame.  The  SBC 
Level  2  tech  support  wonk  we  talked  to  had  us  restart  the 
DSL  modem  by  unplugging  it  rather  than  just  switching  the 
thing  off  (they  claim  this  is  necessary  to  ensure  that  the 
device  really  does  reset;  sounds  a  little  unlikely  to  us  — 
what  do  you  think?). 


We  had  done  exactly  this  exercise  several  times  over  the 
past  couple  of  weeks,  but  this  time  the  gods  of  bits  were 
paying  attention,  and  we’ve  had  24  hours  of  normal  DSL 
service.  Let’s  hope  it  stays  that  way 
Anyway,  this  week  we  want  to  discuss  remote  access.  On 
the  software  front  we’ve  been  using  TightVNC,  a  freeware 
tool  that  we  discussed  some  time  ago,  but  we’ve  been 
meaning  to  take  a  look  at  a  commercial  product  called 

NetOp  always  has  been  a 
sophisticated  system  and  now 
works  on  a  wide  range  of  plat¬ 
forms  as  a  guest . . .  and  a  host. 

NetOp  Remote  Control  from  Danware  Data  A/S. 

NetOp  always  has  been  a  sophisticated  system  and 
now  works  on  a  wide  range  of  platforms  as  a  guest  (the 
controlling  computer)  and  a  host  (the  computer  being 
controlled  remotely).  Guest  platforms  include  Windows 
Server  2003,  Xf)  2000,  Terminal  Services,  NT  4.0,  ME,  98 
and  95,  with  limited  guest  control  when  used  with 
Windows  CE,  Linux,  Solaris  or  as  an  ActiveX  component 
in  Internet  Explorer. 

As  a  host,  NetOp  supports  Windows  Server  2003,  XP2000, 
Terminal  Services,  NT  4.0,  NT  3.5 1 ,  NT  3. 1 ,  ME,  98, 95,  CE  and 
3.  lx,  as  well  as  Linux,  Solaris,  Mac  OS  X,  DOS  and  OS/2  4.x 
and  3.x. 


The  latest  release,  Version  8  (see  the  list  of  new  features 
and  Version  8  release  notes  at  www.networkworld.com, 
DocFinder:  8727),  has  a  much-improved  installation 
process  and  adds  a  separate  remote  management  system 
that  includes  access  to  disk  drives,  task  management, 
remote  system  features  and  registry  editing. 

A  whole  slew  of  security  enhancements  have  been 
added,  as  has  support  for  Port  80  connections  between 
guests  and  hosts  (to  easily  get  around  firewalls), support  for 
IPv6  and  the  ability  of  multiple  guests  to  simultaneously 
gain  access. 

Performance  has  been  improved,  and  support  has  been 
added  for  Red  Hat  Enterprise  Linux  3.0,  Fedora  Core  II 
and  III  Linux,  and  Mandrake  10  Linux  as  both  a  guest  and 
host,  along  with  Mac  OS  X  10.3,  OS/2  4.x  and  3.x,  and  DOS 
as  hosts. 

We  tried  using  XP  as  the  guest  and  Mac  OS  X  10.4  and 
Windows  2003  Server  Edition  running  VMware  Workstation 
5  as  hosts  and  everything  worked  perfectly  The  only  slight 
issue  is  that  screen  refreshes  for  the  Macintosh  result  in 
noticeable  visual  artifacts,  but  that’s  not  close  to  being  a 
deal  breaker. 

There’s  a  lot  more  to  NetOp  that  we  just  don’t  have  space 
to  go  into  but  we  think  it  is  the  best  remote  control  system 
we’ve  used.  Highly  recommended. 

Access  gearhead@gibbs.com  remotely  by  e-mail.  And 
check  Gearblog  (www.networkworld.com/weblogs/gear 
blog/)  for  links  and  notes  for  this  column. 


GEARHEAD 

INSIDE  THE 
NETWORK 
MACHINE 

Mark  Gibbs 


A  recent  vacation  has  slowed  the  testing  at  the  Cool  Tools  Lab,  so 
.4  this  week  we’ll  highlight  some  recently  announced  products  that  we 
hope  to  try  out  soon: 

Acer  TravelMate  4020 

The  TravelMate  4020  series  of  notebooks  are  designed  to  provide  desktop  perfor¬ 
mance  in  a  more-portable  form  to  small  office  home  office  and  small  to  midsize 
business  users.The  6.5-pound  notebooks,  which  are  priced  starting  at  about 
$900,  include  management  utilities,  such  as  power  man¬ 
agement,  recovery  and  presentation  tools.  Included 
is  the  GridVista  application,  which  lets  as  many  as 
four  windows  be  screened  simultaneously  each  asso¬ 
ciated  with  a  different  application. 

The  TravelMate  4021WLCi  model  includes  an  Intel 
Pentium  M  Processor  725  (1.6-GHz  processor,  2M  bytes 
of  Layer  2  cache  and  a  400-MHz  front  side  bus),  Win¬ 
dows  XP  Professional,  512M  bytes  of  memory,  a  60G-byte 
hard  drive,  CD-RW/DVD-ROM  drive,  Intel  Graphics  Media 
Accelerator  900  card,  integrated  802.1  lb/g  wireless,  10/100M 
bit/sec  Ethernet  and  V92  modem.The  notebook  includes  a 
15.4-inch,  1 ,280-by-800-pixel  LCD  screen. 


The  Acer  TravelMate 
4020  series  are  6.5- 
pound  notebooks  with 
management  utilities. 


a  PictBridge-enabled  digital  camera. 

Users  also  can  print  directly  from  a  memory  card 
(Compact  Flash,  Microdrive,  SmartMedia,  Memory 
Stick,  and  MultiMedia  Card  and  Secure  Digital 
cards  are  supported), an  infrared-enabled  mobile 
phone  or  wirelessly  through  a  Bluetooth  con-  - 
nection  (with  an  optional  Bluetooth  adapter 
connected). The  DS810  includes  a  2.5-inch  color 
LCD  screen  for  basic  editing,  color  correction  and 
cropping  functions. 


Canon's  printer  cre¬ 
ates  4-  by  6-inch 
photos  with  good 
resolution. 


Canon  Selphy  DS810  Compact  Photo  Printer 

We’re  big  fans  of  printing  our  digital  photos  without  using 
a  PC,  so  the  new  Canon  DS810  Compact  Photo  Printer  ($150,  expected  to  be  avail¬ 
able  later  this  month)  intrigues  us. The  printer  can  create  4-  by  6-inch  photos  with 
resolutions  up  to  4,800-by-l  ,200-dpi  in  about  63  seconds, connected  directly  through 


Belkin  TuneSync 

We’re  also  big  fans  of  devices  that  include  more  than  one  tech¬ 
nology  in  a  device,  so  we’re  excited  by  the  news  of  Belkin’s  TuneSync,  which  com¬ 
bines  an  iPod  charging  station  with  a  five-port  _ n 

USB  2.0  hub.  In  addition  to  letting  users  con¬ 
nect  as  many  as  five  USB  devices  (such  as 
printers,  scanners,  hard  drives  and  cameras), 
the  TuneSync  charges  and  synchronizes  an 
iPod  or  iPod  mini  device.lt  includes  a  stereo- 
out  jack  that  lets  you  listen  to  music  via 
headphones,  powered  speakers  or  a 
stereo.  The  system  includes  LEDs  that 
provide  port  and  power  status 
indications. 

The  TuneSync  is  scheduled 
to  be  available  in  North  America 
in  November  for  about  $60. 

Shaw  can  be  reached  at  kshaw 
@nww.com. 


Belkin’s 
TuneSync 
combines  an 
iPod  charging 
station  with  a 
five-port  USB 
hub. 


Satellite  Application  and  Content  Delivery 
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October  26-27,  2005 
Javits  Convention  Center 
New  York,  NY 


www.satconexpo.com 


Three  program  tracks,  including: 

•  Enterprise  Applications 

•  Military,  Government,  Security,  Relief  Agencies, 
and  NGO’s 

•  Broadcast,  Media  &  Entertainment 
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Living  with  fiber 
to  the  home 

■  had  Verizon’s  5M  bit/sec  FiOS  fiber-to-the-home  (FTTH)  ser¬ 
vice  installed  last  week  and  got  curious  about  how  it 
worked  so  1  called  the  company  for  more  information. 
Verizon  says  it  started  deploying  FiOS  in  May  2004  and 
today  is  rolling  it  out  in  targeted  communities  in  15  of  the 
28  states  the  company  serves.  By  year-end  FiOS  will  pass  3 
million  homes  and  business,  which  is  10%  of  Verizon’s  30 
million  wireline  customer  base  and  roughly  the  number  of 
DSL  customers  Verizon  has  today 
The  service  supports  three  data  rates:  5M  bit/sec  down- 
stream/2M  bit/sec  upstream  for  $39.95  per  month;  15M/2M 
for  $49.95;  or  30M/5M  for  $199.95.  And  by  the  end  of  the  year 
the  company  plans  to  use  the  same  fiber  plant  to  offer  300 
channels  of  digital  video  and  music  and  video  on  demand. 

For  current  DSL  customers  the  FiOS  upgrade  is  a  hard 
deal  to  pass  up  because  the  monthly  rate  is  the  same  and 
the  installation  is  free.The  latter  includes  running  the  fiber, 
installing  the  optical  network  terminal  (ONT)  on  the  house 
and  a  battery  backup  indoors,  running  CAT5e  to  the  prima¬ 
ry  computer,  providing  a  four-port  router  and  configuring 
one  PC  for  use  with  the  service. 

The  Verizon  architecture  is  based  on  the  Broadband 
Passive  Optical  Network  standard,  with  622M  bit/sec  fibers 
run  into  neighborhoods  and  passively  split  (no  electronics 
used)  into  32  individual  fiber  runs,  each  house  getting 
roughly  20M  bit/sec  of  capacity. 

The  ONT,  which  converts  the  photonic  signal  back  to  elec¬ 
tronic,  has  four  telephone  ports,  a  10/100  Ethernet  data  port 
and  a  coax  port  for  video. Video  will  be  carried  over  a  sepa¬ 
rate  wavelength  of  light  —  its  own  800  MHz  channel  —  and 
will  not  sap  data  capacity 

ATM  is  used  as  the  Layer  2  signaling  protocol,  meaning 
Ethernet  and  voice  traffic  are  encapsulated  in  ATM  cells. 
VoIP  isn't  used  today,  but  a  spokesman  says  newer  ONTs 
will  make  that  possible  next  year. The  company  will  also 
begin  deploying  some  gigabit  PON  in  2006. 

What’s  all  of  this  costing?  Verizon  will  say  only  that  it  spent 
$1  billion  on  FiOS  last  year  and  capital  spending  is  up  rough¬ 
ly  15%  this  year  to  $15.3  billion,  the  extra  money  primarily 
earmarked  for  broadband  wireline  and  broadband  wireless 
deployments. 

Network  World  columnist  Thomas  Nolle,  president  of 
technology  analysis  firm  CIMI,says  FTTH  costs  telcos 
$1,000  to  $1,500  per  customer.As  such, the  services  will  be 
rolled  out  only  where  carriers  can  expect  substantial  aver¬ 
age  revenue  per  user  (ARPU).“We  estimate  that  about  20% 
of  the  population  could  generate  enough  ARPU  to  justify 
FTTH.”  Nolle  says. 

Does  it  work?  Without  a  hitch.  Life  at  5M  bit/sec  is  different. 

—  John  Dix 
Editor  in  chief 
jdix@nww.com 


A  matter  of  trust 

Regarding  your  Face-off  on  whether  firms  should 
strictly  control  employee  use  of  mobile  devices 
(www.networkworld.com,  DocFinder:  8721):  Frankly 
I  have  little  respect  for  American  management  these 
days.  And  if  the  contestants  on  “The  Apprentice”  rep¬ 
resent  our  best  and  brightest,  it  looks  like  it’s  only 
going  to  get  worse. 

Lighten  up,  people.Trust  your  employees.There  will 
be  occasional  time-wasters,  but  most  workers  want 
to  do  a  good  job  and  will  use  technology  to  be  more 
productive.  Sometimes  they  will  “play”  with  the  tech¬ 
nology,  but  this  will  only  sharpen  their  grasp  of  it.  If 
you  drive  the  technology  underground,  your  em¬ 
ployees  will  use  it  anyway  and  you  will  not  be  able 
to  address  the  legitimate  security  concerns. 

Jack  Durish 
Mission  Viejo,  Calif. 

Cause  and  effect 

Regarding  “IT  staff  shortage  looming”  (DocFinder: 
8222):  In  a  time  when  my  stepson,  with  no  dis¬ 
cernible  skills  or  experience,  can  walk  into  a  sales 
management  position  for  Sprint,  I  have  trouble  as  a 
highly  skilled  IT  engineer  staying  employed  for  the 
same  salary  The  real  reasons  for  the  “coming  IT  job 
crunch”  are  simple  to  understand:  low  pay  and 
impossible  HR  requirements. 

How  low?  Here  in  Seattle  a  typical  systems  admin¬ 
istrator  opening  is  for  $45,000  with  extensive  experi- 
ence.That’s  not  great  in  an  area  where  a  basic  house 
costs  more  than  $250,000  —  in  the  cheap  areas. 

As  for  requirements,  I’ve  seen  SarbanesOxley  reme¬ 
diation  advertisements  asking  for  three  to  five  years’ 
experience,  in  a  field  a  year  old!  Or  how  about  the 
Active  Directory  architect  positions  in  2002  that  want¬ 
ed  five  or  more  years  deploying  Active  Directory  in  a 


Fortune  500  environment?  IT  professionals  remain 
generalists  while  the  job  requirements  are  being  writ¬ 
ten  for  specialties  that  are  thin  to  nonexistent,  and 
certainly  not  cost  effective  to  obtain. 

Randy  Grein 
Bellevue, Wash. 

Selling  rocket  science 

Regarding  Mark  Gibbs’  BackSpin  column,  “Selling 
rocket  science”  (DocFinder  8723):  I  awakened  my  8- 
year-old  daughter  that  July  26  morning  and  had  her 
watch  the  NASA  channel  with  me.  She  seemed  quite 
impressed  with  the  amount  of  speed  the  shuttle 
reached  before  leaving  the  atmosphere  and  wanted 
to  know  how  fast  that  was  in  relation  to  Dad’s  dri¬ 
ving.  She  is  already  very  interested  in  science  and 
technology  and  I  will  do  everything  in  my  power  to 
see  she  learns  everything  she  wants  to. 

As  an  IT  manager  at  a  law  office,  I  point  out  to 
potential  clients  the  technology  we  use.  Most  of 
them  walk  the  main  floor  and  ask  what  the  orange 
cabling  is  coming  out  of  the  walls  and  into  the  back 
of  the  computers.  This  opens  up  a  quick  tour  of  our 
Gigabit  Ethernet  network.  Explaining  why  we  need 
this  high-speed  network  is  the  next  step,  showing 
them  the  images  of  all  the  documents  we  scan  and 
the  time-  and  money-saving  techniques  we  use  in 
recalling  and  searching  these  documents. 

In  small  part  the  technology  we  use  sells  our  legal 
services,  just  as  a  viewing  of  the  shuttle  launch 
encourages  the  dreams  of  a  little  girl. 

Ken  Henderson 
Litigation  IT  manager 
Law  offices  of  WR.  Ramsey 
Valencia,  Calif. 

E-mail  letters  to  jdix@nww.com  or  send  them  to  John  Dix,  editor  in 
chief.  Network  World,  /  /  8  Turnpike  Road,  Southborough,  MA  01772. 
Please  include  phone  number  and  address  for  verification. 
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USER  VIEW 

Chuck  Yoke 


The  Internet  -  redundant,  reliable  and  risky 


The  Internet  is  down.  If  you’ve  been  involved 
in  networking  for  more  than  six  months, 
you  probably  have  heard  this  statement. 
You  or  one  of  your  team  sprang  into  action, 
identified  the  problem  and  resolved  the  issue. 

“The  Internet  is  back,  the  network  guy[s]  fixed 
it.”  And  you  didn’t  think  you  had  any  power.  The 
Internet  went  down,  and  you  fixed  it! 

In  reality  you  know  the  Internet  did  not  go 
down.  You  also  know  your  ability  to  affect  its 
operation  is  close  to  nil.  But  that  seemingly  inno¬ 
cent  and  trivial  misstatement  is  creating  a  mis¬ 
understanding  that  could  potentially  affect  a 
company’s  revenue  stream,  profit  and  customer 
satisfaction. 

To  reduce  operational  costs,  companies  are 
evaluating  Internet-based  VPNs  as  an  alterna¬ 
tive  for  costly  dedicated  circuits.  Internet-based 
VPNs  have  many  advantages.  They  can  reduce 
or  eliminate  lead  times  required  for  circuit 
installation. They  let  companies  easily  establish 
connectivity  with  business  partners  and  pro¬ 
vide  a  level  of  security  compliant  with  most 
policies.  And  they  enable  literal  global  connec¬ 
tivity  If  you  can  get  Internet  access,  you  can 
establish  a  VPN. 

The  one  potential  issue  with  VPNs  is  stability 


—  and  here  is  where  the  confusion  comes  in. 
VPN  supporters  argue  the  Internet  is  fully  redun¬ 
dant  and  has  never  gone  down  —  and  they  are 
correct.  VPN  opponents  argue  Internet  connec¬ 
tivity  can  be  unstable,  with  extended  outages 
that  can  impact  the  revenue  stream  —  and  they 
too  are  correct.  How  can  both  be  right? 

If  the  Internet  is  defined  as  the  interconnec¬ 
tion  of  multiple  networks  via  network  access 

This  global  ‘network  of 
networks’  has  never  had 
an  outage  —  as  a  whole. 

points,  Internet  exchange  points  and  ISP  peer¬ 
ing  points,  then  it  is  correct  to  say  that  the 
Internet  has  never  gone  down.  This  global  “net¬ 
work  of  networks”  has  never  had  an  outage  — 
as  a  whole.  Outages  have  occurred  in  specific 
service  provider  networks,  but  as  a  whole  the 
Internet  has  never  gone  down. 

However,  if  the  definition  of  the  Internet 
includes  the  access  connection  into  the  net¬ 
work  of  networks,  then  the  Internet  can  go 
down.  Access  problems  are  not  unusual.  A 


branch  office  asymmetric  DSL  (ADSL)  connec¬ 
tion  can  go  down  for  a  variety  of  issues.  Since 
ADSL  has  much  lower  service  levels  than  dedi¬ 
cated  connectivity,  an  outage  of  48  hours  or 
more  is  not  uncommon,  which  can  affect  the 
revenue  stream. 

But  this  does  not  mean  VPNs  are  not  a  viable 
connectivity  option.  As  noted  above,  the  net¬ 
work  of  networks  has  proven  to  be  very  reliable 
and  stable.  It’s  the  access  method  that  can 
cause  the  problem. 

Many  people  equate  VPN  connectivity  with 
DSL  access,  but  dedicated  access  methods 
such  as  frame  relay  private  line  and  ATM  can 
still  reduce  costs  while  providing  service  levels 
equivalent  to  those  of  dedicated  connectivity. 
By  using  site  revenue  generation  as  a  guide  and 
implementing  dedicated  access  in  high-rev¬ 
enue-generating  locations  with  DSL  utilized  in 
sites  that  can  accommodate  an  extended  out¬ 
age,  you  can  create  a  corporate  VPN  network 
that  reduces  operational  costs  and  still  pro¬ 
vides  appropriate  revenue  stream  protection. 

Yoke  is  director  of  strategy  and  architecture  for 
a  global  travel  and  real  estate  corporation.  He 
can  be  reached  at  ckyoke@yahoo.com. 


ON  SECURITY 

Winn  Schwartau 


Patty  Hearst  and  the  Redmond  syndrome 


What  does  Patty  Hearst  have  to  do  with  net¬ 
works?  Well,  she  was  kidnapped  by  the 
Symbionese  Liberation  Army  in  1974  and 
eventually  became  an  accomplice  of  the  group. 
The  phenomenon  of  identifying  with  one’s  captor 
is  commonly  known  as  the  Stockholm  syndrome. 
Essentially,  one  feels  trapped,  unable  to  escape  the 
situation.  The  captors  offer  small  doses  of  kind¬ 
ness  and  hope  to  build  a  relationship  of  willing 
compliance. 

Now  think  networks.  Too  often  we  fall  into  the 
trap  of,  “Well,  it  might  not  work  as  well  as  it  should, 
but  better  to  sleep  with  the  devil  you  know  than 
to  try  something  else.”  Think  about  the  vendors 
whose  products  are  embedded  in  your  infrastruc¬ 
ture.  There  are  versions  1 .0  through  7.9.44;  some 
are  compatible,  some  aren’t  and  some  need  full¬ 
time  babysitting.  It’s  been  a  tough  road.  At  first,  the 
products  work.Then  they  break.You  get  promises. 
They  break  again.  You  upgrade.  They  work  with 
fewer  features.  They  break.  You  get  promises.  This 
is  the  enterprise  network  version  of  the 
Stockholm  syndrome. 

As  security  professionals,  we  must  help  break 
the  cycle  of  what  some  might  call  the  Redmond 
syndrome.This  is  not  anti  any  particular  vendor.  It 
is  about  folks  who  won’t  consider  a  change  to 
improve  their  security 

Before  we  commit  to  a  product  or  vendor-spe¬ 
cific  solution,  we  need  an  escape  plan.  Marriage 
and  business  contracts  have  divorce  clauses  to 
make  the  termination  of  a  relationship  more 
palatable.  Yet  in  our  infrastructures,  where  is  the 


escape  plan  to  shift  vendors  instead  of  depending 
upon  the  next  release  or  new  patch? 

So  what  can  you  do?  Here  are  some  sugges¬ 
tions: 

•  Stop  negative  behavior  before  it  becomes 
habitual  and  causes  significant  harm  to  your  busi¬ 
ness.  If  you  suspect  a  security  problem, immediate¬ 
ly  deal  with  it  head-on,  before  it  gets  worse  and 
becomes  more  difficult  and  expensive  to  correct. 

•  Heal  the  damage  you  experienced  from  prior 
poor  security  implementations. You’re  gonna  pay 
one  way  or  another  —  better  now  than  later. 

Before  we  commit  to  a 
product  or  vendor- specific 
solution,  we  need  an 
escape  plan. 

•  Change  negative  attitudes  and  beliefs  that 
make  your  business  a  victim.  Stop  assuming  that 
the  big  and  well-known  companies  are  techni¬ 
cally  right.  Just  because  everyone  else  uses“XYZ” 
doesn’t  mean  it’s  the  smart  choice. 

•  Learn  healthy  ways  of  communicating  real- 
world  security  needs  to  your  management, 
department  heads  and  staff.  Most  of  them  are  sub¬ 
ject  to  the  same  cycle  of  technical  abuse  that  too 
many  of  us  accept  as  the  cost  of  doing  business. 

•  Seek  out  further  assistance  and  support  from 
those  who  have  done  it  differently  and  are  finding 
solutions  outside  of  the  cycle. 


Perhaps  the  most  important  way  to  avoid  falling 
into  traps  is  to  make  sure  you  have  a  way  out. 
Have  your  vendors  help  you  develop  a  path  for 
making  a  formal,  well-structured  change  to  other 
solutions.They  won’t  like  it,  but  it  is  your  network 
—  it  should  work  the  way  you  want,  when  you 
want,  and  you  should  not  have  to  live  with  a  sin¬ 
gle-vendor  environment  for  any  portion  of  your 
security  or  backbone. 

Interoperability  is  not  just  a  buzzword;  systems 
should  be  proven  interoperable  by  test  and  vali¬ 
dation,  not  a  vendor’s  unsubstantiated  verbal 
claims.  Ideally  vendors  should  act  as  part  of  the 
integration  team  to  give  you  the  best  possible 
solution  and  best  possible  way  to  stop  using  their 
products  when  necessary 

When  attempting  a  migration,  start  small.  Pick  a 
department  where  any  downtime  will  be  felt  the 
least.  Document  your  efforts  and  use  a  road  map 
when  you  choose  additional  deployment. 

The  hardest  thing  to  do,  of  course,  is  to  admit 
that  you  are  a  victim.That  requires  you  to  say“We 
were  wrong.”  Maybe  the  first-generation  solution 
worked  well,  but  subsequent  incarnations  failed. 
You  need  to  have  a  way  out.That  is  always  the  first 
step. The  rest  of  it  is  engineering  that  will  hopeful¬ 
ly  provide  you  with  better  security,  functionality 
and  reliability 

Schwartau  is  a  security  writer,  lecturer  and  presi¬ 
dent  of  Interpact,  a  security  awareness  consulting 
firm.  He  can  be  reached  at  winn@thesecurity 
awarenesscompany.  com. 


This  dialog  box  appears  each  time  an  employee  logs  on. 
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Employees  of  the  Balls  Food  Stores  chain  don’t  down¬ 
load  music  or  video  files.  No  one  listens  to  Internet 
radio  or  accepts  e-mails  with  large  attachments.  And, 
to  an  amazing  degree,  employees  only  visit  Web  sites 
directly  related  to  corporate  business. 
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Audit  of  network  usage  at  Basts  Fo 
confirms  that  tight  policies  are  working  to 
unauthorized'  Web  surf nc 


“Our  policies  and  practices  are  well-established, 
known  by  every  employee  with  a  computer  and 
stictly  enforced.” 

-Lance  Fischer,  network  systems  manager,  Balls  Food 

V 


BY  JOEL  SHORE 


Call  it  Midwest  sensibility,  outright  para¬ 
noia  or  the  direct  result  of  extraordinarily 
tight-fisted  control,  the  Kansas  City,  Kan., 
operator  of  2N  Hen  House  and  Price 
Chopper  supermarkets  and  pharmacies  is 
the  very  model  of  how  a  network  * —  .and  its 
users  —  should  behave.  Not  that  the  users 
really  ever  had  a  choice.. 

Bails  Food's  remarkable  network  usage 
documented  in  an  audit  performed  recently 
by  Networks  Unlimited  of  Hudson,  Mass.,  is 
the  product  of  restrictive  policies  that  grant 
Internet  access  to  employees  on  a  case-by¬ 
case  and  site-by-site  basis  and  by  aggressive 
filtering  of  inbound  and  outbound  e-mail. 


How  aggressive?  Send  out  an  e-mail  with  an 
inappropriate  attachment  and  your  e-mail 
privileges  might  be  suspended  for  a  week. 

"I'm  relieved  at  the  (audit  j  results,  "  says 
CFO  Mike  Beal,  who  stands  firmly  behind 
the  policy. 

Harry  Segal,  president  of  Networks 
Unlimited  and  a  veteran  of  dozens  of  usage 
audits  was  equally  surprised.  These 
results  are  unusually  good  . ' 

Usage  audits  look  for  exposure  in  four 
areas:  productivity  loss,  legal  liability 
bandwidth  consumption  and  data  security. 

Balls  Food  did  well  in  all  four.  Most  users 
can't  get  to  shopping,  auction  or  sports 
Web  sites,  so  there's  little  lost  productivity. 


This  System  is  restricted  solely  to  Balls  Food  Stores  authorized  users  for  legitimate  business 
purposes  only.  The  actual  or  attempted  unauthorized  access,  use  or  modification  of  this  system 
is  strictly  prohibited  by  Balls  Food  Stores.  Unauthorized  users  are  subject  to  company 
disciplinary  proceedings  and/or  criminal  and  civil  penalties  under  state,  federal,  or  other 
applicable  domestic  and  foreign  laws.  The  use  of  the  system  may  be  monitored  and  recorded 
for  administrative  and  security  reasons.  Anyone  accessing  the  system  expressly  consents  to 
such  monitoring  and  is  advised  that  if  monitoring  reveals  possible  evidence  of  criminal  activity, 
Balls  Food  Stores  may  provide  the  evidence  of  such  activity  to  law  enforcement  officials.  All 
users  must  comply  with  Balls  Food  Stores  instructions  regarding  the  protection  of  Balls  Food 
Stores  information  assets. 


'if  we  had  an  open  Internet  policy, 
our  problems  would  be  much  worse," 
says  Lance  Fischer.  Balls  Food's  net¬ 
work  systems  manager.  “Our  policies 
and  practices  are  well-established, 
known  by  every  employee  with  a  com¬ 
puter  and  strictly  enforced."  To 
Fischer,  it’s  mostly  about  enforcement. 

The  policy  is  hammered  home  every 
time  a  user  logs  on  to  the  network-  As 
part  of  the  logon  process,  users  are 
presented  with  a  dialog  box  summa¬ 
rizin'.;  the  policy  and  reminding  them 
that  “the  use  of  this  system  may  be 
monitored  and  recorded  for  adminis- 
t  rat  ice  and  security  reasons,"  To  pro¬ 
ceed.  a  user  must  agree  by  clicking 
the  OK  button. 

To  assure  that  it  has  complete  con¬ 
trol.  Balls  Food’s  network  has  a 
"wagon  wheel”  configuration,  with  the 
central  office  as  the  hub  and  the 
stores  as  spokes.  All  traffic  moves 
through  the  huh  and  all  data  is  stored 
at  the  hub  The  point-of-sale  system 
owned  by  a  different  corporate  depart¬ 
ment.  runs  separately. 

With  nearly  3. (MM)  employees  and  a  PC 
population  of  about  350.  roughly  15 
people  in  each  of  its  28  store  locations 
and  100  at  its  headquarters  have 
Internet  access.  To  maintain  thfi  light¬ 
est  control  possible,  access  is  available 
only  by  using  the  corporate  intranet  as 
a  gateway,  The  scheme  allows 
Fischer's  team  to  specify  the  IP 
addresses,  of  permitted  Web  destina¬ 
tions  to  the  firewall. 

News,  sports,  entertainment  and 
shopping  sites  are  banned  outright. 
Specific  sites  that  are  allowed  include 
those  furnishing  local  weather  fore¬ 
casts,  highway  traffic  reports,  the 
employee  assistance  program,  101  (k): 
account-status  information,  drug- 
screening  and  background  check  sites 
for  employee  candidates,  and  direct 
line-obbusrness  sites  such  as  grocery 
suppliers  and  wholesalers. 

“Other  companies  give  their  employ¬ 
ees  full  Internet  access  and  take  it 
away  when  there  is  a  problem." 

Fischer  says,  “( )ur  attitude  is,  ‘Don't 
give  them  anything  that  s  not.  required 
to  do  their  job.’’’ 

The  one  exception  is  that  the  phar¬ 
macies  have  unlimited  access, 
because  pharmacists  need  to  research 
potential  interactions  between  pre¬ 
scription  drugs  and  over-the-counter 
or  mail-order  remedies, 

.And'  it's,  precisely  because  of  that 
exception  that  the  audit  results 
weren’t  perfect. 

"Right  away.  I  could  see  those 
machines  were  being  used  to  log  into 
i  !i  if  mail  and  other  Web  sites."  Fischer 
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says.  Web-based  personal  e-mail  sites 
are  Fischer's  favorite  target.  "With 
Hotmail  or  Yahoo  there’s  no  control 
oyer  what  comes  in,  We  try  to  block 
multimedia  files . ’’ 

And  wit h  good  reason.  "In  December, 
people  would  receive  an  e-mail  with  a 
Christmas  tree  that  you  could  click  on 
to  decorate.  It  looked  innocent  enough, 
but  it  wound  up  installing  a  ; 

logger  on  people’s  computers." 

That's  bad  enough,  but  when  the 
keystroke  logger  is  on  a  PC  in  a  phar¬ 
macy  that  is  already  struggling  to 
keep  up  with  I lealth  Insurance 
Portability  and  Accountability  Act 
(H1PAA)  privacy  mandates,  the  poten¬ 
tial  for  legal  exposure  skyrockets.  “A 
keystrok'  logger  is  a  clear  HIPAA  vio¬ 
lation,’'  Fischer  says. 

Tools  of  the  trade 

Balls  Food  uses  the  Perimeter 
Manager  preemptive  e-mail1  tiltr  ring 
service  from  Post  ini  for  its  corporate 
system.  Incidents  of  spam  quickly 
dropped  to  nearly  zero,  but  Fischer 
especially  likes  the  ability  to  keep 
viruses  and  SMTP  attacks  from  ever 
reaching  the  enterprise  gateway. 

Post  ini's  presence  also  led  to  the 
suspension  of  one  employee's  e-mail 
privileges.  As  he  scanned  outgoing  e- 
mail,  Fischer  noticed  unapproved 
attachments  being  sent  —  attach¬ 
ments  that  could  not  have  entered 
through  the  Postini-protected  cor  po- 
rate  e-mail  system.  The  source  turned 
out  tu  be  a  personal1  Hotmail  account, 
,k  (.  t  ssed  In  an  employee  w  ho  then 
relayed  the  content:  through  the  com¬ 
pany  x  Microsoft  Exchange  Server. 

'  We  shut  down  someone  s  e-mail  for 
five  days."  Fischer  says.  "Losing  the 
ability  to  send  legitimate  mail  caused  a 
lot  of  grief.  ”  Draconian  perhaps,  but  the 
measure  did  not  need  to  be  repeated 

Inside  the  audit 

To  measure  user  activity.  Networks 
Unlimited  employed  a  server  on 
which  it  installed  Websense,  config¬ 
ured  as  a  passive  logging  tool  that 
performed  no  filtering  action  of  its 
own.  Segal  shipped  the  server  and  an 
engineer  to  Kansas  City  to  install  it. 

Network  activity  lor  a  representa¬ 
tive  group  of  pharmacies  and  head¬ 
quarters  PCs  was  logged  for  1 1  Con¬ 
secutive  days  The  server  was  then 
shipped  hack  to  Networks  Unlimited 
for  analysis.  Data  was  extracted  and 
annualized  totals  wore  extrapolated: 
each  hour  of  logged  activity  over 
tin'  audit  period  scaled  to  33  hours 
over  the  course  of  a  tail  year. 

See  Freeze,  page  41 
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ALL-INCLUSIVE  HOSTING 

THE  BEST  VALUE,  THE  BEST  FEATURES! 


Build  your  own  website  - 
quickly  and  easily! 

Included  with  all  shared  hosting  plans, 
the  all-new  1&1  WebsiteBuilder  lets 
you  easily  design  a  professional-looking 
website  with  no  HTML  knowledge! 
Using  simple  point-and-click  prompts 
and  a  built-in  text  editor,  your  site  can 
be  online  in  minutes.  Add  extras  like  a 
Flash-animated  start  page,  guestbook, 
forum  and  more.  And  integrate  1&1 
tools  like  the  1&1  Dynamic  Content 
Catalog  and  1&1  Photo  Gallery! 


Display  your  photos, 
customize  your  album! 

Import,  organize  and  publish  your 
digital  photos  to  your  own  online 
photo  album  on  your  website  -  quickly 
and  with  no  programming  skills! 
Choose  from  several  eye-catching 
photo  albums,  select  your  favorite 
color  scheme  and  layout,  and  add 
captions  to  your  photos.  You  can  even 
create  slideshows  with  background 
music  and  fade-in/fade-out  transition 
effects  between  slides. 


Add  up-to-the-minute 
web  content! 

The  1&1  Dynamic  Content  Catalog  lets 
you  enrich  your  site  with  fresh  web 
content  and  real-time  news  from  a  wide 
variety  of  topics.  Since  it's  included  with 
all  1&1  shared  hosting  packages, 
adding  dynamic  web  content  is  finally 
affordable!  Integration  through  the 
1&1  Control  Panel  is  a  breeze,  and 
automatic  updates  ensure  your  content 
is  always  current  and  completely 
maintenance  free. 


©  2005  1&1  Internet  Inc.  All  rights  reserved.  Product  and  program  specifications,  availability,  and  pricing  subject  to  change  without  notice.  Visit  1and1.com  for  details. 


The  world's  #1  web  host  delivers  the  features  you  need 

1  &1  gives  you  the  tools  you  need  to  build  an  impressive  website,  communicate 
with  your  visitors,  analyze  your  site's  performance,  promote  your  website  in  leading 
search  engines,  and  much  more.  These  tools  are  included  -  at  no  additional  cost  - 
with  1  &1  shared  hosting  plans  and  are  so  easy  to  use  that  no  programming 
knowledge  is  needed! 


Make  your  site  truly 
interactive! 

Wouldn't  it  be  great  if  you  could  chat 
with  your  visitors  while  they  are  using 
your  website  -  live  and  in  real  time? 
You  can  with  In2site  Live  Dialogue  from 
1&1 1  This  innovative  type  of  Internet 
communication  lets  you  support  your 
visitors  as  they  use  your  website.  And, 
the  quick  and  easy  communication 
makes  In2site  Live  Dialogue  an 
invaluable  tool  for  sales,  support  and 
consulting  professionals. 


Understand  visitor  dynamics  with 
1&1  WebStatistics.  Easy-to-use  menus 
let  you  track  visits,  hits,  the  most 
popular  pages,  referring  websites,  error 
pages,  and  much  more  for  a  detailed 
analysis  of  how  your  website  is 
performing.  Display  the  information  in 
the  format  you  choose  -  pie  charts,  bar 
graphs,  or  simple  numeric  output.  Use 
the  data  to  optimize  your  pages  and 
maximize  the  success  of  your  website. 
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Cons:  Pricey;  not  expandable;  unique  X2 

transceivers  might  increase  sparing  costs; 
no  IPv6  support. 


$30,000  as  tested. 


Pros:  Low  latency  and  line-rate  throughput; 
innovative  security  features. 


Cisco  Catalyst  4948-1 OGE 
aces  performance  tests 


BY  DAVID  NEWMAN,  NETWORK  WORLD  LAB  ALLIANCE 

In  an  exclusive  Network  World  test,  Cisco’s  Catalyst  4948-1  OGE  delivered 
record  low  latency  and  line-rate  throughput.  Coupled  with  innovative  secu¬ 
rity  mechanisms  and  an  extensive  list  of  switching  and  routing  features,  this 
switch  earns  a  Clear  Choice  award. 


With  a  price  of  $30,000,  the  Catalyst  4948-10GE  is  too 
costly  to  be  deployed  in  every  wiring  closet,  but  the  price 
makes  sense  for  use  in  data  centers  where  the  switch  can 
aggregate  connections  from  many  servers  and  send  traf¬ 
fic  over  a  10-Gigabit  Ethernet  backbone. 

The  Catalyst  4948-10GE  offers  48  copper  Gigabit  Ether¬ 
net  and  two  10G  Ethernet  ports,  much  like  competing 
products  from  Extreme  Networks,  Force  10  Networks  and 
Foundry  Networks.  There  are  some  key  differences, 
though:  The  Cisco  switch  has  a  1-rack  unit  (1.75-inch) 
form  factor,  while  Foundry’s  FESX448  occupies  1 .5  rack 
units.  The  Cisco  switch  supports  redundant  power  sup¬ 
plies,  while  redundancy  for  Extreme’s  S400-48t  requires 
one  external  power  supply  (however,  Extreme’s  external 
power  supply  can  be  shared  across  multiple  switches). 
On  the  downside,  Cisco’s  device  is  not  expandable,  un¬ 


like  ForcelO’s  S50,and  its  list  price  is  higher  than  similar¬ 
ly  configured  competitors’  switches. 

Perhaps  the  biggest  difference  is  Cisco’s  use  of  X2  trans¬ 
ceivers  for  10G  Ethernet  interfaces.These  are  roughly  the 
size  of  Gigabit  Ethernet  transceivers,  putting  them  about 
halfway  between  10G  Ethernet  Transceiver  Package 
(XENPAK)  transceivers  and  smaller  10  Gigabit  Small 
Form  Factor  Pluggable  transceivers  (XFP)  in  newer  10G 
switches  from  Force  10,  Foundry  and  Nortel,  among  oth¬ 
ers.  One  consideration  for  adopters  of  multiple  trans¬ 
ceiver  types  is  that  they’ll  have  to  keep  multiple  types  of 
spares  on  hand,  with  prices  well  into  the  thousands  of 
dollars  for  each. 

X2  transceivers  are  functionally  identical  to  XENPAK 
transceivers,  while  XFP  transceivers  offload  the  serializ¬ 
er/deserializer  (Serdes)  function  to  the  switch’s  circuit 


Cisco’s  Catalyst  4948-10GE  is  low  on  latency 

On  average,  the  Catalyst  4948-10GE  held  up  traffic  on  10-Gigabit  Ethernet  interfaces  only  around  4 
microseconds  for  most  frame  lengths. That's  the  lowest  latency  we've  recorded  for  any  10-Gigabit  Ethernet 
switch  we've  tested. 


Frame  length  (bytes) 


The  Breakdown 


L2  switching  performance  15% 

5 

L3  switching  performance  15% 

5 

VLAN  switching  performance  15% 

5 

OSPF  switching  performance  15% 
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2:  Below  average. 
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available. 


board.  Cisco  says  X2s  boost  reliability  because  a  Serdes 
failure  requires  replacement  of  just  a  transceiver  rather 
than  an  entire  switch.  We’re  not  sure  about  that  claim: 
While  it’s  still  relatively  early  for  XFPs,  we’ve  yet  to  junk  an 
XFP  device  because  of  a  Serdes  failure.  We  did  verify  that 
X2  transceivers  interoperate  with  both  XENPAK  and  XFP 
transceivers  over  single-mode  fiber  cabling. 

Peak  performance 

We  stress-tested  the  Catalyst  4948-10GE  in  various 
configurations,  and  it  came  up  aces  in  all  of  them. 
These  configurations  involved  Layer-2  and  -3  switching, 
virtual  LANs  (VLAN)  and  Open  Shortest  Path  First 
(OSPF)  routing,  all  common  tasks  for  an  aggregation 
switch.  We  also  measured  the  switch’s  buffering  and 
unicast  address  learning  capacity. 

We  pounded  the  switch  with  a  traffic  pattern  that 
involved  fully  meshed  traffic  between  all  48  Gigabit 
Ethernet  ports,  as  well  as  traffic  between  the  two  10G 
Ethernet  ports  (see  How  we  did  it,  page  41).  No  pro¬ 
duction  network  (hopefully)  ever  sees  traffic  like  this, 
but  it  does  allow  us  to  determine  the  limits  of  system 
performance. 

The  Layer-2  and  -3  switching  tests  were  simple, with  only 
one  media  access  control  (MAC)  and/or  IP  address  per 
port.  For  the  VLAN  tests,  we  defined  28  VLANs  on  each 
Gigabit  Ethernet  port,  for  a  total  of  1 ,344  VLANs.  For  the 
OSPF  tests,  we  used  the  Spirent  SmartBits  traffic  genera¬ 
tor/analyzer  to  emulate  10,000  networks  with  250  hosts 
on  each.  Because  this  last  test  involved  2.5  million  flows, 
it’s  a  good  way  to  determine  if  performance  degrades  as 
flow  count  rises. 

In  all  tests,  the  Catalyst  4948-iOGE  delivered  line-rate 
throughput  of  up  to  101.19  million  frames  per  second  (see 
online  chart,  www.networkworld.com,  DocFinder  8726). 

We  also  measured  latency  —  the  time  needed  by  the 
switch  to  forward  each  frame  at  the  throughput  rate  (see 
graphic,  left).  Average  latency  hovered  in  the  range  of  4 
microsec  for  most  frame  lengths,  a  new  low  among 
Ethernet  switches  we’ve  tested.  All  latency  numbers  we 
recorded  are  at  least  one  order  of  magnitude  below  the 

See  Cisco,  page  41 
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Freeze 

continued  from  page  37 

Following  compilation  of  the  results 
Segal  flew  to  Balls’  headquarters  to  pre¬ 
sent  his  findings. 

On  an  annualized  basis,  Balls  employees 
behaved  far  better  than  counterparts  at 
other  similarly  sized  companies  audited 
by  Networks  Unlimited. 

Where  Balls  staffers  spent  just  686  hours 
accessing  Web-based  e-mail,  workers  at  a 
midsize  medical  center  wasted  1 ,477 
hours,  while  employees  at  a  similarly  sized 
law  firm  squandered  6,525  hours. 

The  law  firm  logged  visits  to  dozens  of 
gambling  sites,  with  activity  dipping  during 
lunch  and  plummeting  after  6  p.m.There’s 
only  one  interpretation,  according  to 
Segal:“They’re  visiting  these  sites  during 
working  hours.”  At  the  law  firm,  the  top 
source  of  downloaded  streaming  media 
was  espn.com.  At  another  law  firm,  identi¬ 
cal  time-of-day  usage  patterns  were  noted 


for  sites  featuring  adult  content.The  con¬ 
clusion  was  that  employees  are  surfing 
when  they  should  be  working,  and  they 
rarely  skip  lunch. 

Where  Balls  reported  no  Internet  radio 
streaming  downloads,  the  law  firm,  during 
its  one-week  audit  period,  logged  more 
than  3G  bytes  of  streaming  content.That 
one  non-business-related  activity  works 
out  to  more  than  156G  bytes  over  the 
course  of  a  year. 

At  Balls  Food,  employees  spent  429  hours 
at  personal  shopping  sites,  compared  with 
a  slightly  more  than  average  2,073  hours  by 
staffers  at  the  medical  center. 

“There  can  be  no  doubt  that  because 
Balls  started  with  a  closed  policy,  it  has 
maintained  control  and  protected  its 
network,  data  and  the  company  itself,” 
Segal  says. 

With  dozens  of  audits  performed  over 
the  last  two  years,  Networks  Unlimited  is 
seeing  personal  usage  patterns  change  sig¬ 
nificantly  Peer-to-peer  activity  once  typified 


by  download  services  such  as  Napster, 
has  dropped  steadily,  while  instant  mes¬ 
saging  use  has  risen  dramatically. Visits  to 
sites  featuring  adult  content  have 
remained  largely  constant. 

More  to  do 

Despite  the  restrictive  policies  that  pro¬ 
hibit  access  to  all  but  a  handful  of  careful¬ 
ly  chosen  Web  destinations,  Balls  Food  is 
about  to  embark  on  a  corporate-wide 
deployment  of  the  Websense  security  and 
filtering  platform.  Its  policies  already  run¬ 
ning  contrary  to  conventional  thinking, 
Fischer,  perhaps  not  surprisingly  takes  a 
contrarian  view  of  Websense,  too. 

“Most  companies  use  Websense  to  clamp 
down  on  employee  Internet  activity  We’ll 
do  the  exact  opposite;  1  see  it  as  a  way  to 
gradually  widen  Internet  access,”  he  says. 

Fischer  is  realistic  enough  to  know  that 
Balls’  policy  of  granting  access  on  an 
employee-by-employee  and  site-by-site 
basis  simply  doesn’t  scale  up  for  corpora¬ 


tions  with  thousands  of  employees. 

“What  these  companies  must  do  is  actu¬ 
ally  enforce  their  electronic  use  policies 
and  prohibit  access  to  anything  that 
wastes  company  resources  or  endangers 
the  network,”  Fischer  says. 

Shore  is  a  technology  journalist  in 
Southborough,  Mass.,  who  provides  prod¬ 
uct-strategy  consultation  and  editorial-devel¬ 
opment  services  to  technology  companies. 
He  can  be  reached  at  www.joelshore.com. 


Balls  vs.  the  world 

Go  online  for  a  detailed  chart  showing  how  unauthorized 
Internet  usage  at  Balls  Food  Stores  compares  with  the 
average  company  audited  by  Networks  Unlimited 

DocFinder:  8725 


How  we  did  it 


•  ;  '  ' 


We  assessed  the  Catalyst  4948-1 0GE  in 
terms  of  performance,  security  and 
features.  We  tested  performance  in  six 
areas:  throughput/latency  in  L2,  L3,  Open 
Shortest  Path  First  and  virtual  LAN  configura¬ 
tions;  buffering  capacity  during  congestion; 
and  unicast  MAC  address  capacity. 

To  test  throughput  and  latency,  we  config¬ 
ured  a  Spirent  SmartBits  traffic  generator/ana¬ 
lyzer  to  offer  traffic  to  ail  48-Gigabit  Ethernet 
switch  ports  in  a  fully  meshed  traffic  pattern, 
while  simultaneously  offering  traffic  to  both 
10  Gigabit  Ethernet  switch  ports  in  a  port-pair 
traffic  pattern.  We  repeated  this  test  with  nine 
Ethernet  frame  lengths:  64-,  128-,  256-,  51 2-, 
1024-,  1280-,  1518- ,  9000-,  and  9216-byte 
frames.  In  all  cases,  we  configured  Spirent's 
TRT  Interactive  5.0  application  to  offer  traffic 
for  60  seconds,  and  recorded  throughput  and 
average  latency  measurements. 

We  ran  these  tests  with  the  Catalyst  4948- 


10GE  in  L2  (bridging)  and  L3  (IP  forwarding) 
configurations.  We  then  enabled  1,344  virtual 
LANs  on  the  Catalyst  4948-1 0GE  (28  per 
Gigabit  Ethernet  port)  and  reran  the  same 
traffic  pattern.  We  also  tested  with  OSPF 
enabled.  In  the  OSPF  tests,  we  established  one 
adjacency  with  each  Gigabit  Ethernet  inter¬ 
face  and  advertised  a  total  of  10,000  networks 
and  offered  traffic  to  250  hosts  on  each  net¬ 
work,  for  a  total  of  2.5  million  flows. 

To  measure  buffering  capacity,  we  offered 
traffic  at  line  rate  to  two  Gigabit  Ethernet 
switch  ports,  both  destined  to  the  same  out¬ 
put  port.  We  measured  delay  on  the  output 
port  to  determine  buffer  capacity.  We  then 
repeated  the  same  test  with  a  10-to-l  over¬ 
load. 

To  determine  MAC  address  capacity,  we 
used  Spirent's  SmartWindow  application  to 
offer  various  numbers  of  addresses  in  learn¬ 
ing  and  test  phases  as  described  in  RFC  2889. 


Cisco 

continued  from  page  40 

point  where  they  would  affect 
even  the  most  time-sensitive 
application.  Latency  and  jitter 
were  also  remarkably  low  and 
constant  for  the  Gigabit  Ethernet 
interfaces. 

We  also  measured  the  switch’s 
buffering  capacity,  or  how  long  it 
holds  up  traffic  when  it’s  over¬ 
loaded.  With  both  two-to-one 
and  10-to-one  overloads,  the 
maximum  delay  we  observed 
was  about  1.4  millisec  for  64-byte 
frames;  26  millisec  for  1,518-byte 
frames;  and  128  millisec  for 
9,000-byte  frames.  None  of  these 
worst-case  results  are  likely  to 
degrade  application  perfor¬ 
mance  in  production  networks. 

Cisco  says  the  Catalyst  4948- 
10GE  can  keep  track  of  55,000 
unicast  MAC  addresses  without 
flooding.  We  verified  that  claim 
by  offering  54,999  addresses  of 
our  own,  which,  added  to  the 


Global  Test  Alliance 


■  Newman  also  is  a  member  of 
the  Network  World  Lab  Alliance,  a 
cooperative  of  the  premier  testers 
in  the  network  industry,  each 
bringing  to  bear  years  of  practi¬ 
cal  experience  on  every  test.  For 
more  Lab  Alliance  information, 
including  what  it  takes  to  become 
a  partner,  go  to  www.network 
world.com/alliance. 


switch’s  own  address,  matches 
the  data-sheet  claim. 

Security  features 

The  Catalyst  4948-1 0GE  has  a 
well-stocked  security  arsenal. 
Like  many  other  switches,  it  sup¬ 
ports  802. IX  user  authentication, 
Secure  Shell  v2  for  remote 
access,  and  access  control  lists. 
The  switch  offers  many  other 
security  features,  as  well. 

The  port  security  feature  allows 
the  switch  to  learn  the  MAC 
addresses  of  attached  hosts,  even 
across  reboots,  preventing  spoof¬ 
ing  and  boosting  reliability. 

DHCP  snooping  enables  the 
switch  to  listen  for  and  reject 
responses  from  rogue  DHCP 
servers,  thus  preventing  an 
attacker  from  misconfiguring 
hosts  and  redirecting  traffic. 
DHCP  snooping  also  can  rate- 
limit  traffic  to  legitimate  DHCP 
servers,  preventing  denial-of-ser- 
vice  attacks. 

The  IP  source  guard  feature 
builds  on  DHCP  snooping  to  pre¬ 
vent  an  attacker  from  using  a 
legitimate  user’s  IP  address  to 
inject  spoofed  traffic. The  device 
builds  a  table  that  associates  IP 
addresses  with  switch  ports.  If  an 
attacker  tries  to  send  traffic  with 
a  source  IP  address  already  reg¬ 
istered  to  another  port,  the 
switch  drops  the  traffic. 

Both  DHCP  snooping  and  IP 
source  guard  both  work  on 
802. IQ  trunks,  802. 3ad  link 
aggregation  trunks  (or  Cisco 
EtherChannels),  and  private  vir¬ 
tual  LANs,  as  well  as  on  individ¬ 


ual  ports. 

The  Dynamic  ARP  inspection 
(DAI)  feature  blocks  attackers 
from  using  Address  Resolution 
Protocol  (ARP)  cache  poison¬ 
ing,  a  relatively  easy  and  com¬ 
mon  exploit  for  many  other 
switches  and  routers.  By  sending 
gratuitous  ARP  messages  to 
many  switches  and  routers,  an 
attacker  can  redirect  traffic  to 
and  from  a  legitimate  user’s  IP 
address,  thus  capturing  pass¬ 
words,  e-mail,  VoIP  calls  or  any 
other  traffic.  DAI  thwarts  this 
attack  by  maintaining  a  table  of 


IP-MAC  bindings,  and  dropping 
traffic  to  MAC  addresses  not  list¬ 
ed  in  the  binding  table. 

Our  only  complaints  with  the 
Catalyst  4948-1 0GE  are  minor:  Is 
relatively  high  list  price  (often 
discounted  in  large  deals);  its 
lack  of  expandability;  the  possi¬ 
ble  need  to  stock  multiple  10G 
transceiver  types;  and  its  lack  of 
IPv6  support  (which  isn’t  yet  a 
requirement  for  many  network 
managers,  anyway).  In  every 
other  respect,  the  switch  is  a 
standout.  It  brings  line-rate 
throughput,  minimal  latency  and 


innovative  security  features  to 
data  center  networks. 

Newman  is  president  of 
Network  Test,  an  independent 
engineering  services  consultancy 
in  Westlake  Village,  Calif.  He  can 
be  reached  at  dnewman@net- 
worktest.com. 

Thanks 

Network  World  gratefully 
acknowledges  the  support  of 
Spirent  Communications,  which 
supplied  its  SmartBits  traffic  gen¬ 
erator/analyzer  system. 


If  you  have  IT,  you  have  some  kind  of  pain.  There's  no  escape. 
But,  Raritan  has  solutions  that  can  provide  relief. 

•  Perhaps  you  have  a  problem  with  secure  remote  access? 

•  An  obsession  with  uptime? 

•  Or  you're  getting  kicked  by  the  need  to  manage 
increased  complexity  and  rising  costs? 

Come  to  the  site.  Find  your  solution.  Reduce  your  pain 
and  suffering,  as  well  as  increase  your  ROI. 


Raritan 


When  you're  ready  to  take  control.™ 
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Analytics  heats  up 

Corporate  data  is  only  as  useful  as  the  information  you  can  extract  from  it. 


BY  STACY  COWLEY 

hen  business-analytics  pro¬ 
jects  work,  the  success  sto¬ 
ries  can  be  dramatic. Witness 
the  results  posted  by  the  Dreyfus 
Corp.,  which  manages  $165  billion 
in  mutual  fund  assets.  Looking  for  a 
way  to  lower  churn  and  draw  more 
business  from  current  customers, 
the  company  rolled  out  CRM  and 
analytics  software  from  SAS  Institute 
in  the  late  1990s  and  pored  through 
the  data. 

It  found  several  red  flags.  Sudden  increases  or  decreases 
in  a  customer’s  contact  with  Dreyfus.  More  transactions 
between  a  customer’s  funds.  Soon  Dreyfus  had  a  model  it 
could  use  to  proactively  seek  out  potentially  restless  cus¬ 
tomers  and  target  them  with  tailored  sales  calls.The  com¬ 
pany  watched  its  investment  redemption  rate  drop  from 
more  than  20%  annually  to  as  low  as  7%,  while  its  overall 
customer  attrition  fell  nearly  50%. 

Such  tales  are  driving  interest  in  analytics  software,  a 
broad  field  IDC  estimates  grew  12%  in  2004,to  $15.1  billion 
worldwide.  It  shares  a  fuzzy  border  with  the  even  broader 
market  for  business  intelligence  (BI)  software,  an  umbrella 
term  encompassing  products  that  range  from  technical 
tools  for  storing  and  modeling  data  to  high-level  applica¬ 
tions  that  present  corporate  data  in  user-friendly  formats, 
such  as  scorecards  and  dashboards. 

BI  for  the  masses  is  a  trend  industry  analysts  have  talked 
about  for  years  with  growing  fervor  and  conviction.  As  com¬ 
panies  become  sawier  at  using  enterprise  applications 
such  as  CRM,  the  pool  of  data  available  for  analysis  grows 
larger  and  more  detailed.  Regulatory  changes  such  as  the 
Sarbanes-Oxley  Act  are  forcing  businesses  to  strengthen 
their  corporate  data-tracking  and  analysis  systems. 
Meanwhile,  as  software  advances,  increasingly  sophisticat¬ 
ed  tools  are  available  to  help  non-IT  staffers  such  as  sales 
and  finances  executives  tap  into  business  data. 

“The  big  movement  has  been  toward  consolidating 
products  into  suites,”  says  Nucleus  Research  analyst  Kathy 


Quirk.  “Historically,  BI  tools  were  used  by  a  small  percent¬ 
age  of  people  within  the  company  Often  you  had  to  get  the 
IT  department  involved  to  produce  the  reports  and  pull 
the  data  together.  The  move  now  is  to  reach  out  to  your 
basic  business  user” 

One  customer  that  recently  picked  Siebel  Systems  to 
underpin  a  major  software  overhaul,  Sierra  Health 
Services,  did  so  in  part  because  of  the  CRM  vendor’s  com¬ 
plementary  analytics  software.  Including  hardware,  ser¬ 
vices  and  software,  the  Sierra  Health’s  CRM  overhaul  is 
budgeted  at  around  $5  million. 

The  Las  Vegas  medical  provider  runs  a  variety  of  health¬ 
care  businesses  that  serve  580,000  customers  throughout 
Nevada.The  organization  is  outgrowing  its  6-year-old  CRM 
system  from  Onyx  Software.  “It  was  highly  customized, 
and  that  creates  roadblocks  to  be  able  to  upgrade  cost 
effectively  says  CIO  Bob  Schaich.“We  knew  we  essential¬ 
ly  had  to  have  a  complete  replacement  with  the  latest 
and  greatest.” 

As  Schaich  evaluated  vendors,  he  was  drawn  to  Siebel’s 
analytical  software  for  studying  sales  performance,  market¬ 
ing  campaigns  and  customer  retention  programs.  “That 
was  a  real  value-add  for  us,”  he  said.“It  helped  them  get  on 
our  short  list.” 

Alltech  Biotechnology  Global  MIS  Projects  Manager  Eric 
Piersol  can  point  to  one  very  tangible  benefit  from  his 
company’s  analytics  initiatives:  No  more  animal  feed  addi¬ 
tives  rotting  in  Turkish  import  warehouses. 

The  Nicholasville,  Ky,  company  has  operations  in  more 
than  50  countries,  a  number  of  which  import  products 
from  manufacturing  plants  elsewhere  in  the  world. 
Because  import  taxes  aren’t  charged  until  the  company 
formally  accepts  shipped  items,  shipping  docks  can 
become  ad  hoc  storage  sites  for  Alltech.  However,  timing  is 
critical:  The  company’s  animal  nutrition  products  carry 
strict  expiration  dates. 

“What  actually  did  happen  once  was  that  quite  a  bit  of 
product  expired,”  Piersol  says.“If  we  imported  it  to  throw  it 
away  we’d  have  to  pay  tax,  but  we’d  also  have  to  pay  to  ship 
it  back  to  Ireland  —  it  becomes  an  expensive  mess.” 

Alltech  last  year  replaced  its  aging  reporting  software 
with  an  analytics  package  from  Exact  Software,  which  also 
makes  Alltech’s  ERP  system.  The  software  integrates  data 
from  Alltech’s  dozens  of  worldwide  ERP  installations  — 
each  country  maintains  its  own  database  —  and  uses 
online  analytical  processing  (OLAP)  technology  to  create 
multidimensional  data  “cubes”  that  can  then  be  sliced  up 
as  needed  by  individual  users.  Alltech  sends  the  cubes  out 
daily  to  relevant  staffers.  A  production  report  that  previ¬ 
ously  took  days  for  an  operations  manager  to  compile  now 
can  be  produced  in  half  an  hour,  Piersol  says. 

Analytics  project  costs  and  returns  vary  as  widely  as  the 
projects  companies  choose  to  tackle.  A  Nucleus  Research 


ROI  study  of  SPSS  projects  calculated  the  average  initial 
cost  of  a  deployment  at  $153,000.The  report  found  94%  of 
customers  reporting  positive  ROI,  with  an  average  payback 
period  of  just  10.7  months. 

For  network  managers,  analytics  projects  might  entail  a 
traffic  swell  —  or  they  might  generate  no  impact  at  all.“We 
didn’t  experience  much  of  a  surge  in  terms  of  bandwidth,” 
Piersol  says,  but  the  project  does  tax  Alltech’s  e-mail  sys- 
tem.The  daily  arrival  of  multi-megabyte  data  cubes, some¬ 
times  several  at  once,  caused  problems  for  staffers  in  low- 
bandwidth  areas,  so  Alltech  is  working  on  switching  cube 


Big  business 

The  analytics  market  includes  tools  and  applications 
for  tracking,  storing,  analyzing  and  presenting  data 
useful  in  automating  decision  making  and  reporting 
processes,  according  to  IDC.  Here  are  the  top  10 
analytics  vendors  by  revenue: 


Vendor 

2004  analytics  revenue 

2004  share 

Oracle  Corp. 

$2  billion 

13.2% 

IBM 

$1.4  billion 

9.5% 

SAS 

$1.2  billion 

vp 

ov 

cd 

Microsoft 

$873.8  million 

5.8% 

Business  Objects 

$802.9  million 

5.3% 

Cognos 

$645.7  million 

4.3% 

Hyperion 

$551.2  million 

3.6% 

SAP 

$462.8  million 

GO 

NP 

cN 

NCR  Teradata 

$411.5  million 

2.7% 

Fair  Isaac  Corp. 

$391  million 

2.6% 

SOURCE:  IDC  JULY  2005 


delivery  from  e-mail  to  FTP 

“Network  implications  of  analytic  solutions  are  depen¬ 
dent  upon  the  size  of  the  user  base,  the  frequency  of  data 
delivery  and  the  size  of  the  data  files  being  delivered  to 
end  users,”  Nucleus’  Quirk  says.  “We’ve  seen  some  users 
choose  to  expand  their  network  capacity  when  working 
on  Bi/analytical  solution  deployments. 

IT  leaders  embarking  on  analytics  projects  must  go  in 
with  very  clear  ideas  about  what  information  they  have 
and  what  they  want  to  extract,  Quirk  advises.“They  need  to 
take  a  hard  look  at  all  their  data  sources.  Often  the  difficult 
part  of  these  projects  is  connecting  all  the  pieces  together," 
she  says.  ■ 

Cowley  is  a  correspondent  with  the  IDG  News  Service.  She 
can  be  reached  at  stacy_cowley@idg.com. 
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What's  on  your 

Network? 

Find  out  with  NetSupport... 


Centrally  Discover,  Support  and 
Manage  your  Systems.  Anywhere. 


Do  you  know  where  your  oldest  computer  is?  Need  to  locate  and  upgrade  your 
Windows  98  systems?  Are  you  overpaying  on  unused  software  licenses?  Which 
employees  are  spending  the  most  time  surfing  the  web?  Find  out  fast  with 
NetSupport  DNA. 

Managing  your  company's  IT  assets  means  more  than  just  selection  and 
maintenance.  Reporting,  inventory,  deployment  and  forecasting  are  also  part  of  the 
job.  NetSupport  DNA  is  an  easy  to  use  IT  asset  management  solution  that  provides 
you  with  the  tools  you  need  to  get  to  know  your  network. 

Unlike  other  solutions,  NetSupport  DNA  does  not  require  certified  training  or  have  a 
complex  implementation  path.  It  offers  all  of  the  functionality  you'd  expect  from  an 
award  winning  asset  management  suite,  but  with  only  a  30  minute  implementation 
path. 

NetSupport  DNA  combines  powerful  hardware  and  software  inventory  with  software 
distribution,  application  and  internet  metering,  pc  remote  control,  enterprise 
reporting  and  a  web-based  help  desk  solution. 


NETSUPPORT 
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NeM-Supp^t- 


\ 


Visit  www.netsupport-inc.com  and  download  a  full  trial  license  today.  Sales:  1-888-665-0808 

And  in  30  minutes  start  viewing  your  vital  Asset  Information.  www.netsupport-inc.com 


Desktop  with  Spider ,S1991 
Network  with  Spider  i|,tm 
WebwithSpider,— 
publish  for  CD/DVDs  |W"S 

c„ni„eforWin*.NET 


Linux 
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Instantly  Search 
Terabytes  of  Text 


The  Smart  Choice  for  Text  Retrieval®  since  1991 


♦  over  two  dozen  indexed,  unindexed,  fielded  &  full-text  search  options 

♦  highlights  hits  in  HTML,  XML  and  PDF  while  displaying  embedded 
links,  formatting  andBUESS^ 

♦  converts  other  file  types  (word  processor,  database,  spreadsheet, 
email,  ZIP,  Unicode,  etc.)  to  HTML  for  display  with  highlighted  hits 
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Reviews  of  dtSearch 

♦“The  most  powerful  document  search  tool  on  the  market”  —  Wired  Magazine 

♦“dtSearch  ...  leads  the  market”  —  Network  Computing 

♦  “Blindingly  fast”  —  Computer  Forensics:  Incident  Response  Essentials 

♦“A  powerful  arsenal  of  search  tools”  —  The  New  York  Times 

♦“Super  fast,  super-reliable”  —  The  Wall  Street  Journal 

♦“Covers  all  data  sources ...  powerful  Web-based  engines”  —  eWEEK 

♦“Searches  at  blazing  speeds”  —  Computer  Reseller  News  Test  Center 

See  www.dtsearch.com  for  hundreds  more  reviews  &  case  studies 


1-800-IT-FINDS  •  www.  Itse  a 
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How  much  can  your  network  analyzer  see? 

Observer  is  the  only  fully  distributed  network  analyzer  built  to 
I  monitor  the  entire  network  (LAN,  802.1 1  a/b/g,  Gigabit,  WAN). 

Download  your  free  Observer  10  evaluation  today  and  experience 
more  comprehensive  real-time  statistics,  more  expert  events,  and 
more  in-depth  analysis  letting  you  dive  deeper  into  your  network 
than  ever  before.  Choose  Observer. 

-  BRRGER-  Guard  against  the  latest  network  threats  by  identifying 
and  isolating  infected  systems  automatically. 

-DRTR  Mini  nG-  Analyze  gigabit  traffic  and  massive  amounts 
of  data  with  Observer's  expanded  options  for  data  mining. 

-JLiriK  TRAFFIC-  Identify  broadcast  storms,  monitor  excessive 
traffic,  and  optimize  bandwidth  with  Observer's  many  utilization 
metrics  and  over  30  real-time  statistics. 


US  &  Canada  toll  free  800.526.5958 

fax  952.932.9545 

UK  &  Europe  +44  (0)  1959  569880 

www.networkinstruments.com/analyze 
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RackView 

Keyboard 


800-333-9343 

WWW.ROSE.COM 


ROSE 

ELECTRONICS 


ROSE  US 
ROSE  EUROPE 
ROSE  ASIA 
ROSE  AUSTRALIA 


281  933  7673 
+44  (0)  1264  850574 
+65  6324  2322 
+  617  3388  1540 


SERVERS  WITHIN  YOUR  REACH 
FROM  ANYWHERE 


The  UltraMatrix  Remote  represents  the  next  generation  in  KVM  switches  with  IP  access.  It 
provides  a  comprehensive  solution  for  remote  server  access  over  IP  and  local  as  well. 


The  UltraMatrix  E-Series  represents  the  latest  in  KVM  matrix  switch  technology,  at  an 
affordable  price.  The  E-Series  allows  you  to  connect  up  to  256  user  stations  to  as  many  as 
1,000  computers.  The  UltraMatrix  E-Series  is  available  in  several  sizes:  2X4,  2x8,  2x16, 
4x4,  4x8,  4x16,  1x8,  and  1x16  in  either  PC  or  multi-  platform. 


LOCAL  OR  REMOTE  SERVER  MANAGEMENT  SOLUTIONS 


UltraMatrix™ 

Remote 


UltraMatrix™ 

E-series 


■  PROFESSIONAL  MULTI-USER  KVM  SWITCH 
2  -  4  KVM  STATIONS  TO  1,000s  OF  COMPUTERS 


System-wide  connectivity  over  IP  worldwide  and  locally 
Connects  1,000  computers  to  up  to  256  user  stations 
Supports  PC,  Sun,  Apple,  USB,  UNIX,  serial  devices 
High  quality  video  up  to  1280  x  1024 
Secure  encrypted  operation 

View  real-time  video  from  4  computer  connections  with 
quad-screen  mode 


Xtendvue 

Vertical  Rack  mountable  LCD 
With  Buit-in  KVM  Extender 


RackView 


Fold-Forward 


OVER  IP 


■  MATRIX  KVM  SWITCH  WITH 

INTEGRATED  REMOTE  ACCESS  OVER  IP 


KVM 


KVM  SWITCH 


PC  or  multi-platform  (  PC/Unix,  Sun,  Apple,  others) 

On-screen  menu  informs  you  of  connection  status  between  units 

in  an  expanded  system 

Powerful,  expandable,  low  cost 

No  need  to  power  down  most  servers  to  install 

Security  features  prevent  unauthorized  access 

Free  lifetime  upgrade  of  firmware 

Video  resolution  up  to  1600  x  1280 

Available  in  several  models 

Easy  to  expand 


■  KVM  RACK  DRAWERS  WITH  KVM  SWITCH  OPTION 


RackView 

Fold-Back 


RackView 
LCD  Monitor 


RackViews  offer  the  latest,  most  efficient  way  to  organize  and  streamline  your 
server  rooms  and  multiple  computers. 

The  RackView  is  a  rack  mountable  KVM  console  neatly  fitted  in  a  compact  pull-out 
drawer.  This  easy-glide  KVM  drawer  contain  a  high-resolution  TFT/LCD  monitor,  a 
tactile  keyboard,  and  a  high-resolution  touchpad  or  optical  mouse. 
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Dealers  Wanted 


Monitotinq 


Control 

Interface 


Port 


Modem 
&  Pager  Port 


( ItrrifMffulure,  Hutntdily, 
Water,  Ktotian ,  Power, 
Smoke/fire) 

Expandable 


Monitor  the  REST  of  your  Computer  Room! 


Scndi 


Monitors 

64 


SNMP 


Messages  IP  addresses 


•  Water  on  the  Floor 

•  Temperature 

•  Power  Problems 

•  Security 

•  Smoke  and  Fire 

•  Humidity 

•  Video 

•  And  much  more 
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Embedded 

Web 


Sends 

E-Mail 


— - - 


Power 

Outage 

Alirmtnn 


Internal 

UPS 


SENSAPHONE 

Tel:  877-373-2700 

901  Tryens  Road 

www.ims-4000.com 

Aston,  PA  19014 

Production  Tracking  Over  Ethernet 
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BOBSBE 

0H0B0B 

BBBBBB3 


Eliminate  your  shop-floor 
PCs  with ... 

Ethernet  Terminals  from 
ComputerWise  connected  to 
your  in-house  LAN. 

Capture  production  data 
directly  into  files  on  your 
server. 


Features  C  Benefits 

•  Interactive  Telnet  Client 

•  TCP/IP  over  10/IOOBaseT  Ethernet 

•  Built-in  Barcode  Badge  Reader 

•  Optional  Mag-Stripe  &  RFID  Badge  Reader 

•  Auxiliary  RS-232  Serial  port 

•  Customizable  Data  Collection 

Program  Included  ^£7 

•  Larger  keyboard  and 
display  sizes  available 


C( AIR  IKI IWISE. 

Gall  1-800-255-3739  or  visit  www.compnterwise.com 


How  Do  You  Distribute 
Power  in  Your  Data 
Center  Cabinet? 


With  Sentry! 

CDU  Product  Family:  Metered,  Smart  &  Switched 

The  Sentry  CDU  distributes  power  for  Blade  servers  or  up  to  42  dual 
power  1U  servers  in  one  enclosure.  Single  or  3-phase  input  with 
110VAC,208VAC  or  mixed  110/,  18VAC  single-phase  outlet  receptacles. 


Metered  CDU 

>  Local  input  Current  Monitoring 
Smart  CDU 

>  Local  Input  Current  Monitoring 

>  Supports  External  Tempera  re  and 
Humidity  Probes 

>  IP  Monitoring  of  Power  Temperatures 
and  Humidity 

Server  Technology 

Soil, *i O.OS  for  the  Data  Center  Equipment  Cal  * 

Server  Technology,  Inc.  toil  free  -1.800.835.1 51 5 

1040  Sandhill  Drive  tel  +1,775.284,2000 

Reno  MV  89521 -USA  fa*  +1.775  234.2065 

vwv'.v  servertech  com  sales'S'servertech.corn 


Switched  CDU 

>  Local  input  current  Monitoring 

>  Supports  External  Temperature  and 
Humidity  Probes 

>  IP  Monitoring  of  Power,  Temperatures 
and  Humidity 

>  Remote  Power  Control  of  Each  Outlet 
—  On  /  Off  /  Reboot 


: 


1.408.727.1122 

mmmim&em 

info@recurrent.com 

meCS^R^jt 


3431  De  La  Cruz  Blvd,  Santa  Clara,  CA  95054 


Climate  Monitor 

$399 


Heat 

Humidity 

Air  Flow 

Sound 

Doors 

Power 

Camera 


(512)257-1462  ITWatdidogs 


Terminal  server  vendors,  who  proclaim  that 
they  have  Secure  Out  Ot  Band  products,  rely 
on  RADIUS,  TACACS+  and  other  in-band 
protocols  to  provide  security.  By  inference, 
they  imply  they  secure  out  ot  band  access 
when,  in  fact,  they  offer  only  network  security, 
which  conflicts  with  out  of  band  access. 


A  true  Secure  Out  of  Band  Management 
solution  should  provide  strong  security  without 
reliance  upon  network-based  protocols. 


CDI  offers: 

p-*  Hardware  encryption  over  dial-up 
and  network  connections 
r1-*  RSA  certified  SecurlD  authentication 
without  a  network. 
r1-*  Patented  central  management  of  all 
remote  devices 


Full  NIST,  FIPS  1 40-2  certifications  #-n. 

Remote  Power  control  *-rr 

Homologous  world-wide  approved  •-ri 
internal  modems 


CDI  has  been  building  encryption  equipment  for  over  fifteen  years.  Our  customers  and  partners  include 
major  financial  institutions,  government  agencies,  major  telcos,  utilities,  and  the  United  States  military 


Communication  Devices  Inc. 
www.outofbandmanagement.com 


TAP  into  Performance 

Monitor  mission-critical  links  with  the 
latest  technology  through  new  nTAPs 

Stop  jeopardizing  network  performance  and  risking  costly  downtime.  Be  confident  you 
have  maximum  visibility  into  your  full-duplex  links  by  configuring  an  nTAP  solution  that 
fits  your  network  and  budget.  Visit  www.networkTAPs.com/visibility  today. 


Ethernet  Copper nTAP 

For  copper-to-copper  connections 
Choose  your  speed: 

10/100 . $395 

10/100/1000 . $995 


10/100/1000  Conversion  nTAP 

Copper  input  with  copper  or 
fiber  output  options 
Choose  your  analysis  output: 

SX . $1,495 

LX . $1,495 


|  Optical  Fiber  nTAP 

Multiple  split  ratios 

Choose  your  port  density: 

Single  channel . 

. $395 

Four  channel . 

$1,795 

®  Six  channel . 

$2,395  , 

_ A 

To  learn  more  about  how  nTAPs  can  boost  your  network  visibility  and  which  configuration  option 
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continued  from  page  1 

data.  The  format-neutral  XML  is 
widely  viewed  as  far  more  flexible 
for  Internet-based  machine-to- 
machine  data  sharing  than  the 
decades-old  electronic  data  inter¬ 
change  (EDI). 

The  JADM  effort  is  intended  to 
preempt  development  of  com¬ 
pany-  and  region-specific  for¬ 
mats  that  —  as  with  EDI  — 
could  prove  incompatible  and 
costly  to  support. 

“China  wants  common  interna¬ 
tional  standards  because  they’re 
dealing  worldwide,”  said  Sherman 
Adams,  a  former  GM  executive 
active  in  the  company’s  joint-ven¬ 
tures  operations  in  Shanghai  and 
now  a  member  of  consultancy 
China  Solutions. 

The  market  for  cars  in  China 
grew  by  14%  last  year  to  about  5 
million  vehicles,  according  to  fig¬ 
ures  cited  at  the  conference.  The 
number  of  cars  sold  annually  in 
China,  now  the  second-largest 
country  in  terms  of  paved  roads, 
will  likely  equal  that  of  cars  sold 
in  North  America  by  2013,  show 
speakers  said. 

Chinese  factories  are  increasing¬ 
ly  automated  but  e-commerce  ex¬ 
change  with  partners  for  orders, 
deliveries  and  shipment  informa¬ 
tion  is  just  beginning,  and  is  made 
difficult  by  the  sometimes  poor 
quality  of  Chinese  T-l  lines,  Inter¬ 
net  service  and  huge  amounts  of 
computer  viruses,  Adams  said. 

The  collaboration  by  the  stan¬ 
dards  groups  —  Japan’s  Japan 
Automobile  Manufacturers  Asso¬ 
ciation,  Europe’s  Odette  and  the 
Standards  forTechnology  in  Retail 


organization  in  the  U.S  —  is  seen 
as  an  important  initiative  to  lift  the 
world  from  its  business-to-busi- 
ness  Tower  of  Babel.  “Today,  we 
signed  a  memo  of  understanding 
on  how  we  express  process 
design  and  how  we  express  XML 
schema  and  formats  we’ll  use,” 
said  Yoshikazu  Shiozawa,  IT  man¬ 
ager  at  Japan’s  Toyota. 

“It’s  a  great  step  forward  for  glob¬ 
al  interoperability’  said  Richard 
Malaise,  CIO  at  the  Reston,  Va., 
National  Automobile  Dealers’ 
Association.“We’ll  have  an  end-to- 
end  repository  for  supply-to-retail 
definitions  of  business  process.” 

JADM  backers  expect  to  have 
several  dozen  business  formats 
published  as  open  source  by 
October. 

Some  at  last  week’s  event 
warned  that  if  the  JADM  effort 
isn’t  successful  within  two  years,  it 
might  be  too  late  to  keep  China 
and  the  rest  of  the  world  from 
building  interoperable  XML-based 
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systems  from  scratch. 

“Suppliers  look  to  their  cus¬ 
tomers  for  direction  on  this,”  said 
Bobby  Patrick,  director  of  market¬ 
ing  at  Global  exchange  Services, 
an  e-commerce  services  provider. 
“We  have  a  couple  of  years  to 
help  get  standards  in  place.  We 
don’t  want  to  re-invent  the  same 
problems  again.” 

The  risk  that  XML  could  end  up 
as  fragmented  as  EDI  seems  high¬ 


ly  possible,  given  that  American 
auto  manufacturers  have  been 
debating  for  more  than  a  year  the 
pros  and  cons  of  two  XML  trans¬ 
port  mechanisms,  Web  services 
and  e-business  XML  (ebXML).  No 
resolution  seems  in  sight. 

“Both  leverage  XML-based  tech¬ 
nologies,  but  they’re  not  compati- 
ble.They’re  not  interoperable,” said 
John  Jackson,  GM’s  director  of 
software  technology  GM  is  betting 


on  ebXML  and  has  installed  prod¬ 
ucts  from  Cyclone  for  data  shar¬ 
ing  with  dealers. 

“The  ebXML  messaging  service 
is  more  robust,”  Jackson  said, 
pointing  out  that  ebXML  includes 
security  features  such  as  non¬ 
repudiation  of  the  message  — 
something  not  yet  addressed  by 
the  Web  services  model. 

At  Ford,  which  supports  Web  ser¬ 
vices,  Software  Architect  Tim 
Fowler  said  some  Web  services 
security  standards  are  undergoing 
final  review  but  that  the  basis  for 
what’s  called  WS  Reliable  Messag¬ 
ing  should  be  ready  soon.  Ford 
uses  Web  services  internally 
based  on  IBM’s  WebSphere. 

Show  organizer  Automotive 
Industry  Action  Group  surveyed 
30  large  truck,  car  and  equipment 
makers  to  get  a  sense  of  which 
technologies  they  are  using  as 
they  move  toward  service-orient¬ 
ed  architectures  (SOA). Almost  all 
of  them  said  they  are  using  Web 
services,  though  a  quarter  also 
said  they  are  using  ebXML. 

“it  looks  like  Web  services  is 
going  to  play  a  prominent  role,” 
Fowler  said.  ■ 


Microsoft,  IBM  addH|  carmaker  needs 


DETROIT  —  At  last  week's  Auto-Tech 

Conference,  Microsoft  and  IBM  separately 
pitched  technology  ideas  as  a  palliative  for 
the  profit-hungry  auto  industry. 

Microsoft  proposed  that  car  manufacturers 
deploy  RFID  tags  on  shipments  of  auto  parts  to 
factories,  on  plant  floors  and  in  vehicles  to 
automatically  pick  up  pricing,  warranty  and 
customer  data  using  RFID  readers.  As  it  hap¬ 
pens,  Microsoft  is  quietly  getting  into  RFID  by 
outfitting  the  Microsoft  BizTalk  Server  to  col¬ 
lect  RFID  data  from  readers,  with  Ford  as  the 
beta  customer. 

"At  Ford,  RFID  tags  placed  on  tractor  trailers 
coming  in  at  one  facility  have  eliminated  40  man¬ 
hours  of  time  per  day,"  said  Kyle  Solomon,  auto¬ 
motive  industry  manager  at  Microsoft. 

Microsoft  last  year  set  up  a  division  to  design 
RFID-based  software  that  is  now  being  tested  by 
RFID  reader  manufacturers  such  as  InterMec, 
Siemens,  Symbol  Technologies  andTechLogic. 

IBM,  meanwhile,  is  putting  automation  technol¬ 
ogy  to  work  for  carmakers  looking  to  streamline 
the  process  of  pinpointing  car  components  not 
performing  up  to  expectation  or  that  might  have 
to  be  recalled  for  safety  reasons. 

Warranty  claims  cost  the  U.S.  auto  industry  $14 
billion  per  year,  according  to  Jan  Beauchamp, 
IBM’s  general  manager  of  global  automotive 
industry.  “For  the  average  vehicle,  this  is  $700," 


Beauchamp  says. 

Beauchamp  says  most  analysis  to  determine 
deficiencies  is  done  manually  by  bringing  together 
dealers'  trouble  reports,  manufacturers'  bulletins 
and  other  sources  to  manually  analyze  the  data  to 
determine  where  problems  might  lie,  she  says. 
Often  this  can  take  months,  which  means  cars 
might  be  sent  off  production  lines  with  parts  that 
could  have  been  improved  if  more  had  been 
known  earlier. 

To  speed  the  analysis  process  through  automa¬ 
tion,  IBM  developed  what  it  says  is  experimental 
technology  called  Quality  Insight  that  can  com¬ 
bine  unstructured  and  text  data  not  only  from  car- 
makers'  back-end  databases,  but  also  from  online 
discussion  forums,  such  as  chat  rooms  or  blogs, 
where  the  first  inklings  of  discontent  might  be 
expressed  by  car  owners. 

International  Truck  and  Engine  helped  IBM  with 
the  software  design  and  tested  it  for  18  months. 
The  package  pulls  together  IBM’s  WebSphere, 
DB2  Content  Manager,  Integrator  OmniFind 
Edition  and  the  Unstructured  Information  Man¬ 
agement  Architecture  with  a  specialized  dictio¬ 
nary  for  the  auto  industry  that  IBM  developed 
specific  to  automotive  problems,  it  appears  able 
to  take  weeks  off  the  analysis  process.  IBM  plans 
similar  versions  for  other  industries,  including 
aerospace,  defense  and  electronics. 

—  Ellen  Messmer 


Revving  up  for  SOAs 


A  sampling  of  results  from  a  survey  of  30  large  auto  manufacturers  regarding  service-oriented 
architectures: 


Do  you  have  a  current  SOA 
strategy? 


it 


At  what  phase  are  your  SOA  Is  your  company  extending 
initiatives?  SOAs  for  business-to- 

business  process  integration? 


Yes  72% 


What  SOA  technology  are  you 

Web 

services 

96% 


Strategy 

19% 


r 

Development  ^ 

'  Package  selection 

5% 


ebXML 

22% 


Other 

30% 


*  More  than  one  response  allowed 


SOURCE:  AUTOMOTIVE  INDUSTRY  ACTION  GROUP 
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Mark  Gibbs 


The  immaturity  of  huge  masses 


Over  the  past  few 
months  Google’s 
power  has  become 
increasingly  apparent.  From 
its  humble  roots  as  yet 

another  search  engine  to  becoming  the  coolest  search 
engine  to  selling  advertising  along  with  searching  to  map¬ 
ping  Earth  and  to  its  spectrum  of  innovative  services, 
Google’s  evolution  was  a  slow  (by  some  standards)  but 
an  extremely  measured  path. 

During  this  evolutionary  process  Google  attracted  much 
attention,  and  its  stated  corporate  philosophy“Do  no  evil,” 
was  taken  seriously  by  employees  and  the  market.The 
company  innovated  and  managed  to  stay  more  or  less 
below  the  market’s  moral  radar. 

So  why  is  it  that  Google  has  become  such  a  force  to 
reckon  with?  Some  would  say  that  beyond  its  smart  mar¬ 
keting  and  cool  technologies,  being  up  to  its  butt  in  cash 
has  something  to  do  with  it.  But  that  misses  the  point. 

What  really  happened  was  that  as  the  company  has 
grown,  it  has  gained  mass  from  the  weight  of  its  corporate 
power.  Its  corporate  power  is  the  sum  of  all  the  little  bits  of 
power  the  company  has  accumulated  through  a  combi¬ 
nation  of  hard  work,  great  selling  and  an  iron  will  to 
explore  strange  new  technologies,  to  seek  out  new  mar¬ 
kets  and  new  sales  opportunities,  to  boldly  go  where  no 
company  had  gone  before  (and  maybe  to  wildly  split 


infinitives  in  the  process). 

Google’s  mass  is  actually  the  most  important  issue.  Just 
like  stellar  bodies,  there  comes  a  point  at  which  the  gravi¬ 
tational  force  of  a  successful  business’s  accumulated  mass 
becomes  so  enormous  that  it  starts  to  collapse  into  a  dif¬ 
ferent  realm  of  business  physics. 

Depending  on  the  initial  conditions,  businesses,  like 
stars,  can  collapse  under  their  own  weight,  becoming 
black  holes  that  effectively  (as  far  as  we  know)  drop  out 
of  the  “normal”  universe  and  sit  there  sucking  in  anything 
that  comes  within  reach.  (I’m  sure  I  could  beat  this  stellar 
metaphor  to  a  pulp,  but  frankly  I’ve  had  enough  of  it.) 

The  real  question  is  this:  Is  Google  really  like  Microsoft? 
Sure.  Google  is  almost  as  powerful,  but  what  it  isn’t,  so  far 
at  least,  is  willing  to  bend  the  rules  in  the  ways  that  Micro¬ 
soft  has.  And  so  far,  it  has  kept  its  behavior  clean  and  fair. 

At  least,  it  had  until  the  CNET  thing  blew  up.  In  case  you 
missed  Buzz  on  Aug.  15  and  22,  Google  seemed  to  lose  its 
collective  minds  recently  and  got  annoyed  with  CNET  for 
(so  it  is  claimed)  Googling  Google’s  CEO,  Eric  Schmidt.  In 
fact,  Google  was  so  annoyed  that  it  decided  to  not  talk  to 
CNET  for  a  year.  So  there  CNET,  take  that. 

If  that  were  the  complete  story  I  would  be  appalled  that 
Google  could  be  so  childish,  but  unfortunately  I  don’t 
have  the  complete  story  I’ve  read  everything  I  could  find 
about  the  fracas  and  it  simply  doesn’t  make  any  sense. 
What  was  it  about  the  information  revealed  that  Google 


considered  inappropriate?  Why  won’t  Google  explain  its 
thinking?  Anyway,  if  Google  indexed  that  information,  how 
private  could  they  have  considered  it  to  be?  Questions, 
questions,  questions. 

As  neither  side  in  the  dispute  has  come  clean  on 
specifics,  we,  the  great  unwashed,  can  have  no  opinion.lt 
is  simply  a  spat  between  two  companies,  both  of  which 
should  know  better.  In  CNETs  case,  its  lack  of  a  real  expla¬ 
nation  is  bizarre.  In  Google’s  case,  its  actions  and  lack  of 
explanation  are  bizarre  and  indefensible,  but  quite  in 
keeping,  returning  to  our  stellar  metaphor,  with  having 
gone  over  the  business  event  horizon. 

So  is  Google  becoming  evil?  I  doubt  it.  Just  like  Microsoft 
once  was  good  and  then  became  the  company  we  know 
and  love  today,  success  and  immaturity  evolved  together. 
No  matter  how  smart  some  key  employees  might  be,  the 
fact  is  that  it  takes  only  a  few  children  in  the  business  to 
turn  a  smart  young  company  into  a  stupid  old  company 

If  we’re  lucky  Google,  by  virtue  of  its  strong  internal  cul¬ 
ture  and  its  traditional  “Do  no  evil”  philosophy  might  be 
able  to  reestablish  its  maturity  If  it  doesn’t  do  that  quickly, 
however,  it  runs  the  risk  of  becoming  like  Microsoft;  not 
truly  evil,  just  hugely  immature, self-absorbed  and  willful. 

f  * 

So  who’s  your  daddy?  Tell  backspin@gibbs.com  and 
check  Gearblog  ( www.networkworld.com/weblogs/gear 
blog). 


Woman  catches  flasher  with  camera  phone 

A  New  York  City  woman  has  struck  a  blow  for  female 
subway  riders  everywhere  by  catching  a  flasher  in  the 
act  with  her  camera  phone. 

Twenty-two-year-oldThao  Nguyen  was  riding  the  R 
train  on  Aug.  18  when  the  man  sitting  across  from  her 
decided  to  give  her  a  little  show.  Nguyen,  refusing  to  be  flustering,  one-upped  the  perv 
by  pulling  out  her  1.3-megapixel  Samsung  P777  camera  phone  and  snapping  a  clear 
image  of  the  man  in  the  act.  She  uploaded  the  photo  and  her  story  to  Flickr.They  were 
quickly  snapped  up  by  the  New  York  Daily  News,  which  gave  the  perv  his  15  minutes  of 
fame  on  the  front  page  last  week.  Since  then,  several  other  victims  have  come  forward 
and  authorities  say  the  man  may  have  been  identified. 

www.networkworld.com,  DocFinder:  8738 

Google  losing  ground  in  China 

With  news  of  fresh  Google  offerings  hitting  the  press  seemingly  every  week,  we 
were  surprised  to  see  the  recent  headline  “Google  Losing  Ground  in  China."  It 
seemed  as  if  every  Google  endeavor  turned  to  gold,  but  not  so,  as  a  Chinese  'Net 
research  group  reports  that  Google  is  losing  the  search  engine  battle  to  its  biggest 
Chinese  rival,  Baidu.com. 

China  Internet  Network  Information  Center  says  Baidu.com’s  market  share  is  now 
52%,  compared  with  Google’s  33%.  With  its  Internet  population  of  103  million  (sec¬ 
ond  only  to  the  U.S.),  China  is  the  next  big  prize  for  large  network  vendors  and 
Internet  behemoths. That’s  why  Google  and  Microsoft  are  fighting  over  the  services 
of  Kai-Fu  Lee,  who  left  Redmond  to  head  up  Google's  China  initiative  this  summer, 
sparking  a  still-unresolved  lawsuit.  It's  also  why  Google  last  year  bought  a  2.6% 
stake  in  Baidu.com,  a  move  that  could  lead  to  an  outright  Google  buyout. 

DocFinder:  8739 

Gap  shutters  online  shopping  site 

If  they  have  to  overhaul  their  site,  most  retailers  will  work  on  it  during  off-peak 


hours  or  take  down  parts  instead  of  putting  up  an  “Linder  construction"  sign  and 
shutting  it  down  altogether.  Most  retailers,  that  is,  except  the  Gap. 

The  Associated  Press  reports  Gap  has  shuttered  the  popular  Gap.com  and 
OldNavy.com  sites  as  it  overhauls  them  in  anticipation  of  the  holiday  shopping  season. 

"We  think  this  is  going  to  make  for  a  more  compelling  and  exciting  experience  for 
shoppers,"  spokeswoman  Kris  Marubio  said. 

Except  for  those  who  want  to  shop  online  now,  that  is. 

DocFinder:  8740 

Apple's  genius  Mac  mini  move 

If  you’re  still  unconvinced  that  the  Apple  gang  are  PR  geniuses,  check  this  out: 

Last  week  on  Apple.com,  the  company  posted  an  offer  in  which  people  could  test  drive 
the  new  Mac  mini  for  a  month,  and  if  they  didn’t  like  it,  they’d  get  their  money  back. 

"News  of  the  deal  quickly  spread,  and  it’s  being  widely  suggested  that  the  offer 
became  rapidly  oversubscribed,  prompting  Apple  to  withdraw  the  offer  to  any  fur¬ 
ther  customers,"  writes  The  Register.  Nicely  done,  Fruit  Co. 

DocFinder:  8741 

Trek  communicator  phone  on  the  way 

Finally!  Sona  Mobile  and  Nickelodeon  &  Viacom  Consumer  Products  have 
announced  they’ll  release  a  mobile  phone  this  month  modeled  on  the  StarTrek  com¬ 
municator,  the  granddaddy  of  today's  clamshell  flip-top  cell  phones. 

According  to  Sci  Fi  Wire:  “The  special-edition  StarTrek  Communicator  Phone  will 
offer  fans  the  ability  to  play  a  multiplayer  onlineTrek  game,  stream  real-time  video 
and  surf  the  Internet,  as  well  as  access  ring  tones,  wallpapers,  news,  information 
and  Trek  fan  activities." 

We’ll  assume  it  can  also  make  and  receive  phone  calls? 

DocFinder:  8744 

Shaw  is  Layer  8’s  chief  cook  and  bottle  washer,  as  well  as  managing  editor  of 
NetworkWorld.com.  She  can  be  reached  at  mshaw@nww.com. 


Melissa  Shaw 
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MORE  BUSINESS 
CONFIDENCE. 


With  ProCurve  Networking  by  HP,  you  choose  from  a  comprehensive  set  of  security  solutions — each  designed 
to  help  protect  your  growing  company.  You  get  exclusive  products  like  ProCurve  Secure  Router,  Virus  Throttle, 
Identity  Driven  Management  and  Access  Controller  Module.  And  unlike  most  other  providers,  ProCurve  ensures 
critical  network  security  at  the  edge  where  users  connect  as  well  as  at  the  vulnerable  core.  Edge-to-edge  security 
means  less  downtime,  more  uptime.  ProCurve  means  more  security,  more  affordably. 


Find  out  more  about  ProCurve  Networking.  Call  800-975-7684  Ref  Code  54  or 
download  informative  reports  complete  with  case  studies  and  cost-of-ownership 
analysis  at  www.hp.com/learn/procurve4. 
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DON’T  LET 
SPYWARE 
SABOTAGE  YOUR 
ENTERPRISE. 


The  next  threat  is  no  threat  with  Trend  Micro. 

Expose  and  eradicate  spyware  with  Trend  Micro's  Enterprise-class,  multi-level, 
anti-spyware  solutions.  They're  the  only  solutions  that  block  and  clean  at  the  gateway — 
the  most  effective  point  of  control.  Trend  Micro.  #1  global  leader  at  the  gateway  and 
industry  pioneer.  Whether  it's  a  virus,  worm,  spyware,  or  spam,  we've  got  you  covered. 


For  a  FREE  evaluation  and  IDC  whitepaper, 
go  to  www.trendmicro.com/spyware 
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